01 May 19, 15:21
(This post was last modified: 01 May 19, 15:22 by silversurfer.)
Quote:Threat actors ran a malvertising campaign on the Russian Yandex.Direct advertising network starting October 2018 to disseminate a malware cocktail designed to encrypt victims' data and steal cryptocurrency.
The hacking group targeted Russian organizations using malicious payloads camouflaged as document templates and hosted on the GitHub code hosting platform, one of the goals being to steal sensitive cryptocurrency-related data.
As the ESET Research team detailed in its report, Yandex disabled the malvertising campaign after receiving their alert about malicious ads used to redirect victims to malware-ridden template packs.
ESET Research's analysis further revealed that the targets were lured to the malvertising landing pages after searching for key-phrases similar to "download invoice template," "claim complaint example," or "examples of legal contracts" which indicates that the campaign was targeting corporate entities by attempting to compromise their accountants' computers.
The researchers also found that "the cybercriminals put the malicious files on their GitHub repository only for a limited period of time, probably while the ad campaign was active. Most of the time, the payload on GitHub was an empty zip file or a clean executable."
SOURCE: https://www.bleepingcomputer.com/news/se...ansomware/
![[-]](https://www.geeks.fyi/images/collapse.png)
