The HookAds malvertising campaign is a campaign that buys cheap ad space on low quality ad networks that are typically used by adult sites, blackhat SEO sites, and online games. The ads will redirect users through a series of decoy sites that resemble pages filled with ads, games, or other low-quality pages. For the attacker, if all goes as planned, the user will end up loading the Fallout exploit kit. Once Fallout is activated, it will make an attempt to exploit any vulnerabilities in Windows to install various malware which include the Danabot Trojan, GlobeImposter ransomware, and the Nocturnal information stealer. For users running Internet Explorer, Fallout will make an attempt to exploit the Windows VBScript vulnerability (CVE-2018-8174) to install the payload.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased