Sunday, February 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Popup enlarges at the last second so users click on ads instead of ‘Close’ button

March 31, 2019
in Internet Security
Popup enlarges at the last second so users click on ads instead of ‘Close’ button
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

If there’s one thing that cyber-criminals are good at, it’s at coming up with new ideas to generate profits in the shadiest and sometimes the most original ways.

Among all criminal groups, the most creative bunch are the ones involved with malvertising (malicious ads). Because of the quick pace at which browser vendors tend to patch reported problems, these groups need to come up with new tricks more often than their colleagues involved with desktop or mobile malware.

You might also like

These four new hacking groups are targeting critical infrastructure, warns security company

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

Over the past few months, security researchers at Malwarebytes, who study the evolution of malvertising groups and their respective campaigns, have observed a new method that crooks are using to generate profits.

The idea is to lure unsuspecting users on malicious websites that show an ad inside a popup. Like most popups, a “close” button will be displayed in the popup’s top-right corner.


Image: Malwarebytes
http://www.zdnet.com/

However, when the user moves his mouse to close the popup, CSS code from that page will expand the popup and move the ad in the cursor’s path, so any click on the close button will actually land on the ad instead.

Malwarebytes’ Jérôme Segura explains:

The crooks use CSS code dynamically appended to the page that monitors the mouse cursor and reacts when it comes over the X. The timing is important to capture the click a few milliseconds later when the ad banner comes in focus. These client-side tricks are implemented to maximize ad profits, since revenue generated from ad clicks is much higher.

Popup ad switcheroo

Image: Malwarebytes
http://www.zdnet.com/

An animated GIF of this old switcheroo trick is embedded below.

Malwarebytes has discovered a malvertising campaign that redirects users to websites where boobytrapped popups automatically adjust an ad’s position when users try to press the “close” button, so the user inadvertently clicks on the ad instead.https://t.co/gMqDig6F9Z pic.twitter.com/WVauzLdFjN

— Catalin Cimpanu (@campuscodi) March 31, 2019

In a report published this week, Segura said this trick was being abused by a group who has been recently involved in exploiting a WordPress plugin zero-day to take over sites.

The group planted code on these hacked sites to hijack small amounts of traffic that they’d later redirect towards various types of sites –such as tech support scams, sites performing ad fraud, or online stores hosting credit card-stealing code.

Traffic redirection diagram

Image: Malwarebytes
http://www.zdnet.com/

This trick of moving the ad in the place of a popup’s close button is just the latest in a long line of sneaky gimmicks.

In the past, crooks would trigger thousands of downloads until they froze users’ browsers on tech support scams, making them believe their computer had serious problems; they’d create JavaScript infinite loops to keep the CPU at 100 percent and slow down the user’s computer; or they’d use custom cursors to offset the mouse click area and prevent users from closing tabs [this has been recently fixed].

Since this latest trick of quickly transposing an ad’s position uses CSS code, it can’t be blocked by a classic ad blocker. However, using an ad blocker would prevent the ad getting loaded inside the popup in the first place, and would make this trick useless.

More browser coverage:


Credit: Source link

Previous Post

The significance of Interaction Plots in Statistics

Next Post

Google reclaiming identity labels to improve machine learning abuse filters

Related Posts

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Next Post
Google reclaiming identity labels to improve machine learning abuse filters

Google reclaiming identity labels to improve machine learning abuse filters

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
The Time-Series Ecosystem – Data Science Central
Data Science

The Time-Series Ecosystem – Data Science Central

February 28, 2021
Accurate classification of COVID‐19 patients with different severity via machine learning – Sun – 2021 – Clinical and Translational Medicine
Machine Learning

Accurate classification of COVID‐19 patients with different severity via machine learning – Sun – 2021 – Clinical and Translational Medicine

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
Top Master’s Programs In Machine Learning In The US
Machine Learning

Top Master’s Programs In Machine Learning In The US

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • These four new hacking groups are targeting critical infrastructure, warns security company February 28, 2021
  • The Time-Series Ecosystem – Data Science Central February 28, 2021
  • Accurate classification of COVID‐19 patients with different severity via machine learning – Sun – 2021 – Clinical and Translational Medicine February 28, 2021
  • Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates