Dating site users infected with banking Trojan after malvertising attack

Deborah Salmi, 24 August 2015

Dating site users infected with banking Trojan after malvertising attack

A popular dating site and a huge telecommunications company were hit with malvertising.

Hacker at work Trusted websites can be hit with malvertising

Popular dating site Plenty of Fish (POF) and Australian telco giant Telstra were infected with malicious advertising from late last week over the weekend. The infection came from an ad network serving the advertisements that the websites displayed to their visitors.

Malvertising happens when cybercrooks hack into ad networks and inject malicious code into online advertising. These types of attacks are very dangerous because web users are unaware that anything is wrong and do not have to interact in any way to become infected. Just last week, other trusted sites like weather.com and AOL were attacked in the same way. In the Telstra and POF attacks, researchers say that a malicious advertisement redirected site visitors via a Google URL shortener to a website hosting the Nuclear Exploit kit which infected users with the Tinba Banking Trojan.

Malwarebytes researchers observed an attack before the POF discovery and surmised in their blog, “Given that the time frame of both attacks and that the ad network involved is the same, chances are high that pof[dot]com dropped that Trojan as well.” In turn, the Telstra attack was similar to the Plenty of Fish attack.

In an interview with SCMagazineUK.com, Senior Malware Analyst Jaromir Horejsi said,

“To protect themselves from malvertising, people should keep their software, such as browsers and plugins up-to-date, adjust browser settings to detect and flag malvertising. They should also have antivirus software installed to detect and block malicious payloads that can be spread by malvertising.”

The people at the highest risk are those website visitors with out-of-date software like Adobe Flash, Windows, or Internet Explorer. They could find their PC infected with the Tinba Banking Trojan, which is known for stealing banking credentials. Tinba aka Tiny Banker went global last year when it targeted banks like Wells Fargo, HSBC, Bank of America, and ING Direct. The success of the Trojan relied heavily on a bank customer’s system being vulnerable because of out-of-date software.

For more protection, use security software such as Avast Antivirus with the Software Updater feature. Software Updater informs you about updates and security patches available for your computer.


 

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Related articles