Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Malware Served via Anti-Adblocking Service PageFair

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.

PageFair helps web publishers measure and recover revenue lost due to ad blockers, which have become increasingly problematic for the advertising industry. The company says it serves more than 3,000 websites.

Malicious actors penetrated the company’s systems after gaining access to a key email account via a spear phishing attack. Once they obtained access, the attackers hijacked PageFair’s account on the content delivery network MaxCDN and modified settings to replace the company’s legitimate analytics JavaScript tag with a piece of malware disguised as an Adobe Flash Player update.

PageFair admitted that it had not activated two-factor authentication (2FA) on its MaxCDN account – the security feature was only activated after the incident was addressed.

According to researchers at F-Secure, the threat was a remote administration tool (RAT) known as NanoCore. VirusTotal shows that major antiviruses detected the malware at the time of the attack, and users would have had to manually run the malicious files in order to get infected.

PageFair said it detected the breach within minutes, but it took the company nearly an hour and a half to completely neutralize the attack. During this period, the malware made it to the websites of 501 publishers, 40 percent of which have more than one million page views per month.

In an update provided on Monday evening, PageFair said just 2.3 percent of the affected websites’ visitors were at risk of getting infected.

“There is no evidence or reason to believe that any core pagefair servers or databases were compromised. No publisher account information, passwords or personal information has been leaked,” Sean Blanchfield, CEO of PageFair, wrote in a post-mortem of the attack.

Related Reading: 13 Million Passwords Leaked From Free Hosting Service

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...