Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Malware Served via Anti-Adblocking Service PageFair

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.

PageFair helps web publishers measure and recover revenue lost due to ad blockers, which have become increasingly problematic for the advertising industry. The company says it serves more than 3,000 websites.

Malicious actors penetrated the company’s systems after gaining access to a key email account via a spear phishing attack. Once they obtained access, the attackers hijacked PageFair’s account on the content delivery network MaxCDN and modified settings to replace the company’s legitimate analytics JavaScript tag with a piece of malware disguised as an Adobe Flash Player update.

PageFair admitted that it had not activated two-factor authentication (2FA) on its MaxCDN account – the security feature was only activated after the incident was addressed.

According to researchers at F-Secure, the threat was a remote administration tool (RAT) known as NanoCore. VirusTotal shows that major antiviruses detected the malware at the time of the attack, and users would have had to manually run the malicious files in order to get infected.

PageFair said it detected the breach within minutes, but it took the company nearly an hour and a half to completely neutralize the attack. During this period, the malware made it to the websites of 501 publishers, 40 percent of which have more than one million page views per month.

In an update provided on Monday evening, PageFair said just 2.3 percent of the affected websites’ visitors were at risk of getting infected.

“There is no evidence or reason to believe that any core pagefair servers or databases were compromised. No publisher account information, passwords or personal information has been leaked,” Sean Blanchfield, CEO of PageFair, wrote in a post-mortem of the attack.

Advertisement. Scroll to continue reading.

Related Reading: 13 Million Passwords Leaked From Free Hosting Service

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.