Top Australian Classifieds Site Serves Malware In Malvertising Attack

JMH

Gumtree is a free classified advertising site and subsidiary of eBay, particularly popular in the UK, Australia, and South Africa. Gumtree is the number one local classifieds in Australia with 47.8M monthly visits* and was recently affected by a malvertising attack.

Threat actors hacked the account of an Australian legal firm called Concisus Legal to create a legitimate-looking but fraudulent subdomain off their main server.

Legitimate domain:

Hostname: concisus.com.au
IP address: 203.170.87.121

Rogue advertiser:

Hostname: ads.concisus.com.au
IP address: 46.165.218.138

In addition to using a different server infrastructure, the fraudulent advert is served via HTTPS, while the legal firm’s site is only using plain HTTP. This is a technique we have observed several times before.

The rogue advertisers simply lifted the company logo and some text from their website to create what looks like a typical ad banner. They then approached ad networks and pretended to want to advertise under the disguise of the victims they abused.
Top Australian Classifieds Site Serves Malware In Malvertising Attack | Malwarebytes Labs
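
The two indicators described above (a subdomain hosted on different infrastructure than its parent domain, and HTTPS on the subdomain while the parent site is HTTP only) can be checked by an ad network or a defender vetting creative URLs. The following is an added example, not code from the article or the forum post; the function names, the suffix list, the `/16` comparison, the URL path and the `example.com` records are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"com.au", "co.uk", "co.za"}

# Resolution data: the concisus.com.au entries are the values reported on
# this page; the example.com entries are constructed as a benign control.
DNS = {
    "concisus.com.au": ["203.170.87.121"],
    "ads.concisus.com.au": ["46.165.218.138"],
    "example.com": ["192.0.2.10"],
    "cdn.example.com": ["192.0.2.77"],
}
# Schemes the parent site answers on (the page says the firm's site is HTTP only).
APEX_SCHEMES = {"concisus.com.au": {"http"}, "example.com": {"http", "https"}}


def registrable_domain(host):
    """Return the registrable (parent) domain for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def shadowing_signals(ad_url, dns, apex_schemes, prefix=16):
    """List the reasons an ad host looks like a rogue subdomain of its parent."""
    parts = urlsplit(ad_url)
    host = parts.hostname
    apex = registrable_domain(host)
    if host in (apex, "www." + apex):
        return []  # the parent site itself, nothing to compare
    reasons = []
    apex_nets = [ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                 for ip in dns.get(apex, [])]
    off_net = [ip for ip in dns.get(host, [])
               if not any(ipaddress.ip_address(ip) in net for net in apex_nets)]
    if apex_nets and off_net:
        reasons.append("different-infrastructure")
    if parts.scheme == "https" and "https" not in apex_schemes.get(apex, set()):
        reasons.append("https-only-on-subdomain")
    return reasons


if __name__ == "__main__":
    # The path is constructed; only the hostname comes from the page.
    print(shadowing_signals("https://ads.concisus.com.au/banner.png", DNS, APEX_SCHEMES))
```

Legitimate sites also place subdomains on CDNs or third-party hosts, so these signals are a reason to review an advertiser manually rather than a verdict on their own.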
 
