Eliya Stein in Confiant
The Curious Case Of MutantBedrog’s Trusted-Types CSP Bypass
MutantBedrog is a malvertiser that caught our attention early summer ’24 for their highly disruptive forced redirect campaigns and the…
Sep 16

Eliya Stein in Confiant
Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security has continued to mature, many malvertisers have moved on from forced redirect…
Feb 8, 2023

Eliya Stein in Confiant
How One “Crypto Drainer” Template Facilitates Tens Of Millions Of Dollars In Theft
Our previous blog provided an overview of Web3 phishing techniques and tactics, all of which continue to be relevant despite a recent…
Jun 15, 2022

Eliya Stein in Confiant
A Whirlwind Tour Of Crypto Phishing
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”…
Mar 21, 2022

Eliya Stein in Confiant
How File Hashes Fail As A Malware Detection Heuristic
In this blog post we take a trip downstream from malvertising delivery mechanisms and take a close up look at a fake Flash update landing…
Dec 6, 2021

Eliya Stein in Confiant
Malvertising Threat Actor “Yosec” Exploits Browser Bugs To Push Malware (CVE-2021–1765…
Most threat actors that operate via ad tech have embraced an operational shift over the last 2 years, leaning heavily into cloaked…
Aug 16, 2021

Eliya Stein in Confiant
Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising
In this blog post we discuss an ongoing malvertising campaign that pushes search hijacking browser extensions. We take a deep dive into…
Jun 30, 2021

Eliya Stein in Confiant
Tag Barnakle One Year Later: 120+ More Revive Adserver Hacks
A year ago, we published a comprehensive disclosure that introduced Tag Barnakle, a threat actor whose specialty is the mass compromise of…
Apr 19, 2021

Eliya Stein in Confiant
Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801]
This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…
Feb 16, 2021

Eliya Stein in Confiant
The Trend Of Client-Side Fingerprinting In Cloaked Landing Pages
This blog post will examine the client-side aspect of cloaking in non auto-redirect based malvertising chains. We will analyze the anatomy…
Dec 11, 2020