The DeceptionAds malvertising campaign is wreaking havoc across the internet, exploiting the very ad networks many businesses rely on for digital advertising. By redirecting users to fake CAPTCHA pages, this cyberattack is generating over 1 million daily impressions across more than 3,000 websites. This blog explores how DeceptionAds works, its impact on users, and what businesses can do to protect themselves from falling victim to this growing threat.
What is DeceptionAds Malvertising?
DeceptionAds is a malvertising campaign that uses fake CAPTCHA pages to exploit online users. Cybercriminals use ad networks, particularly Monetag and BeMob, to serve malicious ads that look legitimate but are designed to trick users into executing harmful commands. These fake CAPTCHA pages instruct users to run PowerShell commands, ultimately leading to the installation of information stealers like Lumma.
The campaign operates through a Traffic Distribution System (TDS), redirecting users to fake CAPTCHA pages hosted on services like Oracle Cloud, Cloudflare, and Scaleway. With 1 million+ daily impressions, this attack is one of the most widespread malvertising efforts, affecting users and businesses globally.
How DeceptionAds Works: The Attack Chain
- Monetag and BeMob Ad Networks: The cybercriminals behind DeceptionAds rely on Monetag, an ad management platform, and BeMob, an ad-tracking service. These platforms are used to serve fake ads that redirect users to malicious sites.
- Fake CAPTCHA Pages: Once a user clicks on an infected ad, they’re redirected to a fake CAPTCHA page. This page prompts them to execute a Base64-encoded PowerShell command, which downloads and installs malware on their device. The malware often steals sensitive personal and financial data.
- Cloaking and Redirection: Attackers use cloaking techniques to disguise the malicious nature of the ads. By using trusted ad networks, they bypass some of the security filters and moderation efforts designed to block harmful content.
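To show what defenders can look for on the endpoint side of this chain, here is an added example (not part of the original post or any vendor tooling) that triages process-creation command lines: it finds PowerShell launches that use an encoded-command flag, decodes the Base64 (PowerShell expects UTF-16LE text), and flags scripts that fetch or run remote content. The function names, the token list, and the sample events are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Heuristic tokens for "fetches or runs remote content" (assumed list, tune locally).
SUSPICIOUS = re.compile(
    r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|"
    r"invoke-expression|\biex\b|start-bitstransfer", re.I)

def is_encoded_flag(token):
    """PowerShell accepts -e, -ec and any prefix of -EncodedCommand."""
    name = token.lstrip("-/").lower()
    return token[0] in "-/" and bool(name) and (
        name == "ec" or "encodedcommand".startswith(name))

def decode_encoded_command(cmdline):
    """Return the decoded script from a PowerShell command line, or None."""
    if not re.search(r"\b(powershell|pwsh)\b", cmdline, re.I):
        return None
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        if is_encoded_flag(flag):
            try:
                raw = base64.b64decode(value.strip("\"'"), validate=True)
                return raw.decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return None  # malformed argument: nothing to inspect
    return None

def triage(cmdline):
    """Classify one event as 'alert', 'review' or 'ignore'."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return ("ignore", None)
    return ("alert" if SUSPICIOUS.search(script) else "review", script)

def enc(script):  # builds the constructed samples below
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample events (not real campaign data).
SAMPLES = [
    "powershell.exe -w hidden -e " + enc("Invoke-WebRequest -Uri https://example.invalid/file"),
    "powershell.exe -NoProfile -EncodedCommand " + enc("Get-Date"),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line)[0], "|", line[:60])
```

In practice the command lines would come from process-creation telemetry such as Windows Event ID 4688 or Sysmon Event ID 1, and "review" results deserve a look because encoded commands are uncommon in interactive user sessions.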
The Impact of DeceptionAds on Users and Businesses
DeceptionAds is causing widespread harm, stealing personal and financial information from unsuspecting users. The attackers use these methods to gain access to personal accounts, credit card details, and other sensitive data, which can be used for financial fraud.
For businesses that rely on online ads, this type of malvertising is a serious concern. If your business uses third-party ad networks, it could unknowingly serve these malicious ads to customers, compromising their security and your company’s reputation. Furthermore, the ad networks, publishers, and cloud service providers involved face increasing pressure to enforce stricter moderation and security measures.
What’s Being Done to Combat DeceptionAds?
As of late November 2024, Monetag and BeMob have started taking action against the malicious actors. Monetag has removed over 200 malicious accounts, and BeMob has done the same to mitigate the effects of this campaign. However, experts suggest the campaign is ongoing, with signs of new attacks emerging in December 2024.
How Can Businesses Protect Themselves from Malvertising?
- Vet Your Ad Networks: Ensure the ad networks you partner with have robust monitoring systems to detect and block malicious ads. Look for networks that offer content moderation and ad verification.
- Use Real-Time Security Monitoring: Implement anti-malware tools, ad-blocking software, and real-time threat detection systems to prevent exposure to malicious ads.
- Educate Employees and Users: Make sure your employees and users are aware of malvertising risks and how to recognize suspicious ads, fake CAPTCHA pages, and other red flags.
- Regular Audits of Third-Party Content: Regularly review the ads and content served on your website or app to ensure they meet security standards and do not expose visitors to malvertising.
- Work with Cybersecurity Experts: Collaborate with cybersecurity firms that specialize in malvertising detection and offer continuous monitoring to ensure your systems are secure.
Conclusion: The Growing Threat of Malvertising
DeceptionAds is a powerful reminder of how ad networks—intended for legitimate advertising—can be weaponized for malicious purposes. As cybercriminals continue to exploit these platforms, businesses must take steps to ensure their ad networks are secure and that they are not inadvertently putting users at risk. By staying vigilant, investing in stronger security protocols, and choosing trusted ad partners, businesses can protect themselves and their customers from the growing threat of malvertising.
At Isogent, we continue to monitor these evolving threats and offer comprehensive cybersecurity solutions to safeguard your business against the risks of malvertising and other digital security breaches.