![tag web articles devonthink to go tag web articles devonthink to go](https://axle.design/media/_Axle-Logo--Blue-Black-on-White.png)
Websites that receive an ad through a compromised server deliver highly obfuscated JavaScript that determines if a visitor is using an iPhone or Android device. This time, Tag Barnakle is targeting both iPhone and Android users. The ads pushed fake Adobe Flash updates that, when run, installed malware on desktop computers. The feat allowed the group to distribute ads on more than 360 Web properties. When Confiant reported last year on Tag Barnakle, it found the group had infected about 60 Revive servers. The servers that deliver a secondary payload to those targets also use cloaking techniques to ensure that they also fly under the radar. To evade detection, the group uses client-side fingerprinting to ensure only a small number of the most attractive targets receive the malicious ads. Once it has compromised an ad server, Tag Barnakle loads a malicious payload on it. The 120 figure is twice the number of infected Revive servers Confiant found last year. Over the past year, Tag Barnakle has infected more than 120 servers running Revive, an open source app for organizations that want to run their own ad server rather than relying on a third-party service. “Likely, they’re also able to boast an ROI that would eclipse their rivals as they don’t need to spend a dime to run ad campaigns.” “Tag Barnakle, on the other hand, is able to bypass this initial hurdle completely by going straight for the jugular-mass compromise of ad serving infrastructure,” Confiant researcher Eliya Stein wrote in a blog post published Monday. That’s not the technique used by a malvertising group that security firm Confiant calls Tag Barnakle. The approach also requires paying money to buy space for the malicious ads to run. For one, scammers must invest time learning how the market works and then creating an entity that has a trustworthy reputation.
![tag web articles devonthink to go tag web articles devonthink to go](https://etherealmind.com/wp-content/uploads/2012/12/devon-think-smart-group-with-tags-01.jpg)
Infiltrating the ad ecosystem by posing as a legitimate buyer requires resources. Typically, the scammers behind this Internet scourge pose as buyers and pay ad-delivery networks to display the malicious ads on individual sites.
Tag web articles devonthink to go software#
The ads embed JavaScript that surreptitiously exploits software flaws or tries to trick visitors into installing an unsafe app, paying fraudulent computer support fees, or taking other harmful actions. Malvertising is the practice of delivering ads to people as they visit trusted websites. Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit sites that, by all outward appearances, are benign.