Eliya Stein in Confiant
Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security has continued to mature, many malvertisers have moved on from forced redirect…
4 min read · Feb 8, 2023

Eliya Stein in Confiant
How One “Crypto Drainer” Template Facilitates Tens Of Millions Of Dollars In Theft
Our previous blog provided an overview of Web3 phishing techniques and tactics, all of which continue to be relevant despite a recent…
7 min read · Jun 15, 2022

Eliya Stein in Confiant
A Whirlwind Tour Of Crypto Phishing
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”…
8 min read · Mar 21, 2022

Eliya Stein in Confiant
How File Hashes Fail As A Malware Detection Heuristic
In this blog post we take a trip downstream from malvertising delivery mechanisms and take a close up look at a fake Flash update landing…
4 min read · Dec 6, 2021

Eliya Stein in Confiant
Malvertising Threat Actor “Yosec” Exploits Browser Bugs To Push Malware (CVE-2021-1765…
Most threat actors that operate via ad tech have embraced an operational shift over the last 2 years, leaning heavily into cloaked…
4 min read · Aug 16, 2021

Eliya Stein in Confiant
Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising
In this blog post we discuss an ongoing malvertising campaign that pushes search hijacking browser extensions. We take a deep dive into…
7 min read · Jun 30, 2021

Eliya Stein in Confiant
Tag Barnakle One Year Later: 120+ More Revive Adserver Hacks
A year ago, we published a comprehensive disclosure that introduced Tag Barnakle, a threat actor whose specialty is the mass compromise of…
6 min read · Apr 19, 2021

Eliya Stein in Confiant
Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021-1801]
This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…
5 min read · Feb 16, 2021

Eliya Stein in Confiant
The Trend Of Client-Side Fingerprinting In Cloaked Landing Pages
This blog post will examine the client-side aspect of cloaking in non auto-redirect based malvertising chains. We will analyze the anatomy…
8 min read · Dec 11, 2020

Eliya Stein in Confiant
Browlock Malvertisers Abuse Unaddressed Denial-Of-Service Bugs That Sit Dormant For Years
This blog post will dissect a tech support scam that we caught on a major publisher running via native-style tile ads, which contrary to…
8 min read · Aug 24, 2020