The article emphasizes the dangers of visiting compromised websites integrated with malicious adtech, illustrating how such practices can ensnare users in a cycle of deceitful notifications and scams. The impact of these interactions extends beyond the moment, leading to long-term misinformation and unwanted subscriptions.
Affected: websites, mobile devices, cybersecurity sector, adtech industry
Key points:
- Visiting compromised websites can lead to long-lasting adverse effects on users’ devices and experiences.
- Malicious adtech exploits push notifications to deliver deceptive messages to users.
- Users can easily fall victim due to the vast number of hacked websites and the simplicity of adtech integration.
- The threat actor, VexTrio Viper, utilizes a traffic distribution system (TDS) to route users to malicious content.
- Push notifications received often lead to scams, malware delivery, and disinformation.
- The scareware industry thrives on user fear, pushing unnecessary security products through deceptive notifications.
- Initial interactions with compromised sites can lead to an overwhelming number of alerts and misleading information.
- Scammers benefit financially from users’ subscriptions while adtech companies profit through engagement with the malware ecosystem.
MITRE Techniques:
- Initial Access (T1071.001) – Compromised website leads to user acceptance of malicious push notifications.
- Execution (T1059.001) – Users are redirected through a series of domains resulting in malicious content execution.
- Command and Control (T1071.004) – Use of push notifications managed by TDS to communicate with compromised devices.
- Data Manipulation (T1531) – Users are subjected to manipulated news feeds based on fraudulent adtech practices.
- Credential Dumping (T1066) – The acceptance of notifications allows attackers to collect sensitive user information over time.
Indicators of Compromise:
- [Domain] germannautica[.]com
- [Domain] fatdoggish[.]net
- [Domain] puschme[.]net
- [Domain] kbvt0wytrk[.]com
- [Domain] trcksolution[.]com
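The domains above are published defanged (with "[.]" in place of "."), so they cannot be compared to log data as-is. The script below is an added example, not code from the Infoblox post or from this summary: it refangs the listed indicators and sweeps a DNS query log for hosts that resolved them or any subdomain of them, which is the first thing a defender does with a list like this. The log format (timestamp, client IP, query type, query name) and the log lines themselves are constructed for the example; adapt the regex to your resolver's actual format.

```python
"""Match defanged threat-intel domains against DNS query logs (example, not from the source article)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Indicator domains copied from the IoC list above, still in defanged form.
DEFANGED_IOCS = [
    "germannautica[.]com",
    "fatdoggish[.]net",
    "puschme[.]net",
    "kbvt0wytrk[.]com",
    "trcksolution[.]com",
]

# Constructed sample DNS log: "<timestamp> <client> <qtype> <qname>". Not real data.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A cdn.puschme.net
2024-05-01T10:00:02Z 10.0.0.5 A www.example.com
2024-05-01T10:00:03Z 10.0.0.7 A trcksolution.com
2024-05-01T10:00:04Z 10.0.0.9 A notkbvt0wytrk.com
2024-05-01T10:00:05Z 10.0.0.7 AAAA germannautica.com.
"""


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a comparable hostname."""
    d = indicator.strip().lower()
    for defang in ("[.]", "(.)", "{.}"):
        d = d.replace(defang, ".")
    return d.rstrip(".")  # drop a trailing FQDN dot if present


def load_indicators(defanged: Iterable[str]) -> Set[str]:
    return {refang(d) for d in defanged}


def match_qname(qname: str, indicators: Set[str]) -> Optional[str]:
    """Return the matching indicator for qname, or None.

    Walks up the label hierarchy so that subdomains of an indicator
    (cdn.puschme.net) match, while look-alike names that merely end in the
    same characters (notkbvt0wytrk.com) do not.
    """
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    indicator: str


# Assumed log layout for the constructed sample; change for your resolver's format.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def scan_dns_log(log_text: str, indicators: Set[str]) -> List[Hit]:
    """Return one Hit per log line whose query name matches an indicator."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        indicator = match_qname(m["qname"], indicators)
        if indicator is not None:
            hits.append(Hit(m["ts"], m["client"], m["qname"], indicator))
    return hits


def affected_clients(hits: Iterable[Hit]) -> Set[str]:
    """Distinct client addresses that resolved at least one indicator."""
    return {h.client for h in hits}


if __name__ == "__main__":
    iocs = load_indicators(DEFANGED_IOCS)
    found = scan_dns_log(SAMPLE_DNS_LOG, iocs)
    for h in found:
        print(f"{h.timestamp} {h.client} resolved {h.qname} (matches {h.indicator})")
    print("clients to review:", sorted(affected_clients(found)))
```

A client that resolved one of these names has at most visited a page in the chain, so treat a hit as a lead for reviewing that device's browser notification permissions rather than as proof of compromise. Matching on the registered domain and its subdomains, rather than on a plain substring, is what keeps unrelated names such as "notkbvt0wytrk.com" out of the results.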
Full Story: https://blogs.infoblox.com/threat-intelligence/pushed-down-the-rabbit-hole/