Hackers exploit ad tools to track victims, boosting scam efforts



Cybercriminals are using advertising tools to make their scams as “clickable” as possible.

In a new kind of email phishing tactic, hackers are sending malicious PDF attachments containing a link that’s registered through an advertising network, security researchers from HP Inc said in findings released Thursday. When email recipients click the link, which hackers use to collect analytics on the number of clicks that their messages attract, they’re directed to a kind of malware called DarkGate.

Advertising tools allow hackers to more effectively evade detection and, crucially, measure the extent to which their scam operations are successful in much the same way that legitimate websites analyse their Internet traffic. Because the link is registered under a legitimate advertising network, it has a more credible URL, which is less likely to draw scepticism from potential victims, according to researchers.

“Cybercriminals are applying the same tools a business might use to manage a marketing campaign to optimise their malware campaigns, increasing the likelihood the user will take the bait,” said Ian Pratt, global head of security for personal systems at HP.

Hackers have also utilised other legitimate corporate tools, like PowerShell, a task automation program from Microsoft Corp, and WinSCP, a file manager, to advance their operations.

DarkGate malware is capable of collecting keystrokes and accessing sensitive files, according to cybersecurity research. It’s sold on various Russian-speaking cybercriminal forums.

Ad services also help hackers subvert many automated cybersecurity products by including a CAPTCHA test to determine if someone is a human or a bot. CAPTCHAs defeat many cyber tools because the automated nature of their scanning, a standard practice, fails the identity test.

The DarkGate campaign has experimented with different types of PDFs to trick victims, including one depicting a fake OneDrive error and the other in the style of an Adobe Reader interface, according to Alex Holland, a senior malware analyst on HP’s threat research team.

“That’s probably an indicator that they’re actually using these analytical tools to assess which lure is more effective than the other,” Holland added. – Bloomberg
