Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Malware Served via Anti-Adblocking Service PageFair

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.

PageFair helps web publishers measure and recover revenue lost due to ad blockers, which have become increasingly problematic for the advertising industry. The company says it serves more than 3,000 websites.

Malicious actors penetrated the company’s systems after gaining access to a key email account via a spear phishing attack. Once they obtained access, the attackers hijacked PageFair’s account on the content delivery network MaxCDN and modified settings to replace the company’s legitimate analytics JavaScript tag with a piece of malware disguised as an Adobe Flash Player update.

PageFair admitted that it had not activated two-factor authentication (2FA) on its MaxCDN account – the security feature was only activated after the incident was addressed.

According to researchers at F-Secure, the threat was a remote administration tool (RAT) known as NanoCore. VirusTotal shows that major antiviruses detected the malware at the time of the attack, and users would have had to manually run the malicious files in order to get infected.

PageFair said it detected the breach within minutes, but it took the company nearly an hour and a half to completely neutralize the attack. During this period, the malware made it to the websites of 501 publishers, 40 percent of which have more than one million page views per month.

In an update provided on Monday evening, PageFair said just 2.3 percent of the affected websites’ visitors were at risk of getting infected.

“There is no evidence or reason to believe that any core pagefair servers or databases were compromised. No publisher account information, passwords or personal information has been leaked,” Sean Blanchfield, CEO of PageFair, wrote in a post-mortem of the attack.

Advertisement. Scroll to continue reading.

Related Reading: 13 Million Passwords Leaked From Free Hosting Service

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...