Named Malware & Social Engineering Threats

BiteLoader Malvertising Framework: Steganography-Based Phishing Redirect Threat

Threat Alert: BITELOADER

New Steganography-Based Phishing Redirect Threat

Named Malware & Social Engineering Threats

The Media Trust’s Malware Desk, the largest and most experienced team of digital threat analysts in the industry, gives names to pernicious and enduring threats. We track them over time and record their spread and evolution. This helps media companies, adtech, ecommerce, and advertisers identify and remediate threats faster, before they can have a devastating impact on their consumers and business.

DOLOS: Fake Tech Support Scams Attacking Seniors

Targeted at the most vulnerable groups online (e.g., seniors, minors), this evasive malware convinces consumers that their devices are compromised and prompts them to call a bogus tech support operator, who takes remote control to cause financial harm.

GHOSTCAT: Prolific Phishing Redirects Attacking Through Video

Once the bane of mobile display advertising, GhostCat (aka ScamClub) has exploited programmatic video arbitrage to barrage consumers with phishing redirects—often on premium publishers.

SOCGHOLISH: King of Drive-By Downloads

Long a plague of email and search, SocGholish has broken into display advertising—via compromised landing pages from legit advertisers—to instantly infect consumer devices with backdoors… And it appears to be targeting governments and infrastructure.

STRINGRIPPER: Hijacking Legit Ad Campaigns

Phishing upstart StringRipper hijacks the creatives and tags from legit advertisers, and then uses advanced levels of fingerprinting and obfuscation to evade detection and hit vulnerable consumers.

FIZZCORE/CELEBCORE: Bogus Celebrity Endorsements

Threat actors are increasingly using AI and cloaking to lure consumers into crypto schemes or into buying shady health products via fake celebrity endorsements.

PHONYFETCHER: Exploiting Trust to Target the Vulnerable

PhonyFetcher is a sophisticated, multi-pronged campaign that mimics legitimate websites, browser alerts, and tech support tools to infiltrate user devices—especially those belonging to the most vulnerable internet users: seniors and minors. 

LUMASTEALER: Fake CAPTCHA Tricks

LumaStealer targets browser-stored data, cryptocurrency wallets, and session information via fake “CAPTCHA” tricks on malicious websites. We thought it had been eradicated, but it’s back with a vengeance.

POPCRAWLER: Deceptively Simple Phishing Redirect

PopCrawler looks like an ad tag with a basic banner image and minimal HTML. The creative seems innocuous enough but that’s how PopCrawler infests the digital media ecosystem — appearing so boring and plain as not to set off any alarms. 

BITELOADER: Steganographic Malvertising Framework Targeting Mobile and In-App Environments

BiteLoader is a multi-stage malvertising framework that hides malicious JavaScript inside banner images using steganography. Once executed, it profiles devices, disables monitoring APIs, and forces phishing redirects, particularly in mobile and in-app environments.

Know Your Enemy & Their Tactics