Malicious Advertising Campaign Distributing Info-Stealer Malware

Risk:
high
Damage:
high
Platform(s):
Microsoft® Windows OS, Android OS, Apple iOS
Advisory ID:
ngCERT-2023-0039
Version:
N/A
CVE:
N/A
Published:
January 9, 2024

Summary


Cybercriminals are continuously looking for and developing new ways to disseminate malware, the most recent being malicious advertisements. These malicious advertising, or malvertising, campaigns are used to spread .NET loaders, known as MalVirt, that deploy information-stealing malware onto unsuspecting users' devices. Malvertising is a relatively recent attack technique that embeds malware in digital advertisements. Almost every internet user is exposed to infection.

Description & Consequence


Malvertising can appear in any advertisement on any website, including sites you visit regularly. It typically begins with the compromise of a third-party ad server, which lets the cybercriminal inject malicious code into a display ad or another element such as a banner ad or video content. Once a visitor clicks the ad, the corrupted code installs a small piece of code that connects the computer to the criminal's command and control (C2) servers. The server then profiles the computer, determining its location and which software is installed, before deciding which malware to send. In recent campaigns malvertising has been the most common distribution method, including the placement of malicious advertisements in popular search engines so that they appear when unsuspecting users run searches. Clicking such a link infects the device with the MalVirt loader, which uses the KoiVM virtualizing protector to evade detection and analysis by anti-malware software. The loader then installs the malware together with a signed driver, allowing it to perform actions with elevated privileges. The malware can also hide its C2 traffic behind bogus HTTP requests to various dummy domains.

Once installed, malware delivered through malvertising behaves like any other malware. It can damage files, redirect internet traffic, monitor the user's activity, steal sensitive data or set up backdoor access to the system. It may also delete, block, modify, leak or copy data, which can then be sold back to the user for ransom or sold on the dark web.
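The C2 pattern described above (periodic requests spread over several dummy domains) leaves a trace in web-proxy logs that a defender can hunt for. The Python script below is an added example, not part of the ngCERT advisory or of any MalVirt analysis; its log format, host addresses, domain names and thresholds are all constructed assumptions. Because the loader rotates through dummy domains, a per-domain cadence check would miss it, so the script first identifies domains that only one host in the organisation ever contacts and then measures the cadence of each host's requests across all such domains.

```python
"""Beaconing heuristic over web-proxy logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log lines (not real traffic), one request per line:
# "<timestamp> <src_ip> <method> <url> <status> <bytes>".
# 10.0.0.5 rotates through five dummy domains roughly once a minute while
# also browsing shared sites; 10.0.0.7 browses irregularly.
SAMPLE_LOG = """\
2024-01-09T10:00:00Z 10.0.0.5 GET http://beacon-a.example/ping 200 312
2024-01-09T10:00:30Z 10.0.0.5 GET http://news.example/top 200 48211
2024-01-09T10:01:02Z 10.0.0.5 GET http://beacon-b.example/ping 200 314
2024-01-09T10:02:01Z 10.0.0.5 GET http://beacon-c.example/ping 200 310
2024-01-09T10:03:03Z 10.0.0.5 GET http://beacon-d.example/ping 200 315
2024-01-09T10:04:00Z 10.0.0.5 GET http://beacon-e.example/ping 200 311
2024-01-09T10:05:02Z 10.0.0.5 GET http://beacon-a.example/ping 200 313
2024-01-09T10:05:40Z 10.0.0.7 GET http://news.example/top 200 48211
2024-01-09T10:06:01Z 10.0.0.5 GET http://beacon-b.example/ping 200 312
2024-01-09T10:07:03Z 10.0.0.5 GET http://beacon-c.example/ping 200 316
2024-01-09T10:08:00Z 10.0.0.5 GET http://beacon-d.example/ping 200 310
2024-01-09T10:09:02Z 10.0.0.5 GET http://beacon-e.example/ping 200 314
2024-01-09T10:09:15Z 10.0.0.7 GET http://mail.example/inbox 200 9120
2024-01-09T10:11:47Z 10.0.0.7 GET http://blog.example/post/1 200 21050
2024-01-09T10:12:05Z 10.0.0.5 GET http://mail.example/inbox 200 9120
2024-01-09T10:25:30Z 10.0.0.7 GET http://blog.example/post/2 200 19830
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into typed fields."""
    ts, src, method, url, status, size = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "method": method,
        "domain": urlsplit(url).hostname,
        "status": int(status),
        "bytes": int(size),
    }


def beacon_candidates(lines, min_requests=6, max_cv=0.15):
    """Return hosts whose requests to org-rare domains arrive at a near-constant cadence.

    A domain is "rare" when exactly one source host ever contacted it. The
    coefficient of variation (CV) of the gaps between a host's rare-domain
    requests is low for a timer-driven beacon and high for human browsing.
    Thresholds are assumptions to be tuned per environment.
    """
    events = [parse_line(line) for line in lines if line.strip()]

    sources_per_domain = defaultdict(set)
    for e in events:
        sources_per_domain[e["domain"]].add(e["src"])
    rare = {d for d, srcs in sources_per_domain.items() if len(srcs) == 1}

    per_src = defaultdict(list)
    for e in events:
        if e["domain"] in rare:
            per_src[e["src"]].append(e)

    findings = []
    for src, evs in per_src.items():
        if len(evs) < min_requests:
            continue  # too few data points to judge cadence
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            findings.append({
                "src": src,
                "rare_domains": sorted({e["domain"] for e in evs}),
                "requests": len(evs),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in beacon_candidates(SAMPLE_LOG.splitlines()):
        print(f"{f['src']}: {f['requests']} requests to {len(f['rare_domains'])} rare domains, "
              f"every ~{f['mean_interval_s']}s (cv={f['cv']})")
```

On the constructed data only 10.0.0.5 is reported (about every 60 seconds across five domains); 10.0.0.7 contacts one rare domain twice, which is below the request floor. The rarity step only works when the log covers the whole organisation, and a beacon that adds large random jitter will raise the CV above the threshold, so this heuristic is a triage aid to pair with endpoint telemetry, not a standalone detector.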

Solution


Malvertising is extremely difficult to detect and avoid. However, to avoid falling victim:

  1. Refrain from clicking on arbitrary advertising links.
  2. Install reliable anti-malware software and genuine ad blockers to reduce the risk of running a malicious advertisement.
  3. Keep the operating system and anti-virus software up to date.
  4. Run regular and scheduled security scans.
  5. Ensure that all software and extensions, including web browsers, are up to date.
  6. Avoid using Flash and Java or allowing these programs to run automatically when surfing the web.
