'Kyle & Stan' Parks Malvertising On Amazon, YouTube'Kyle & Stan' Parks Malvertising On Amazon, YouTube
Windows and Macs alike are at risk to sophisticated mutating malware.
September 9, 2014
A malicious advertising (malvertising) network is distributing spyware, adware, and browser hijackers to both Macs and PCs, crafting a unique malware bundle for each machine it infects. The network, dubbed "Kyle and Stan" by Cisco's TALOS Security Research, is 700 domains strong, including the likes of amazon.com and youtube.com. "This by all means is most likely just the tip of the iceberg," researchers said in a blog post today.
The world of online ads has only a few major players that are supplying ads to thousands of websites. If an attacker can get one of those major advertisement networks to display an advertisement with a malicious payload just for a few minutes without being detected, then countless machines can be infected by such an attack.
"Kyle and Stan" is so named because the group dubbed hundreds of their subdomains "stan.mxp2099.com" and "kyle.mxp2038.com." Here's what happens when a user visits one of the malicious sites:
The website automatically starts the download of a unique piece of malware for every user. The file is a bundle of legitimate software, like a media-player, and compiles malware and a unique-to-every-user configuration into the downloaded file. The attackers are purely relying on social engineering techniques, in order to get the user to install the software package. No drive-by exploits are being used thus far. The impressive thing is that we are seeing this technique not only work for Windows, but for Mac operating systems alike.
The malicious kit for Macs includes the legitimate application MPlayerX and the malicious browser hijackers Conduit and VSearch.
Because the malware package is unique to each infected machine, the checksum is different every time, which makes detection very difficult.
"All in all," say the researchers, "we are facing a very robust and well-engineered malware delivery network that won't be taken down until the minds behind this are identified."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023