AdGholas Malvertising Campaigns Infect Thousands of Users Daily

Security researchers at Proofpoint have warned of a malicious campaign, AdGholas, that uses sophisticated techniques. These techniques kept the attack hidden for months and served to infiltrate millions of computers.

The AdGholas operation has been running since at least October 2015. According to Proofpoint, the cyber criminals managed to distribute malicious ads through more than 100 ad exchanges, attracting between 1 million and 5 million visits to their websites daily.

The malware used to infect users checks for virtualization and sandboxes in order to prevent security researchers from analysing it. Other controls filter victims by geolocation so that only users within specific regions are targeted.

AdGholas also used steganography to hide the malicious JavaScript code inside images, from which it is extracted and executed only on the targets that pass the filtering.


Figure: AdGholas “EcCentre” campaign, 2015-11-05 (source: Proofpoint)
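The steganography paragraph above says only that the JavaScript was hidden in images; it does not say how it was embedded. The following script is an added example written for this page, not Proofpoint's tooling or anything from the AdGholas analysis. It demonstrates one defensive check a practitioner can run over downloaded ad images: walk the container structure of a PNG or JPEG to find where the real image ends, then report any bytes appended after the end-of-image marker and whether they look like script. The sample images and the appended payload are constructed inline. Note the assumption built into this check: it only finds payloads placed after the image data; a payload woven into the pixel data itself (classic LSB steganography) would not leave trailing bytes and needs a different, statistical approach.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_image_end(data: bytes):
    """Walk PNG chunks and return the offset just past the IEND chunk.

    Returns None if the data is not a well-formed PNG. CRCs are not verified
    because the goal is locating the end of the container, not validating it.
    """
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4  # length + type + payload + CRC
        if chunk_end > len(data):
            return None
        if ctype == b"IEND":
            return chunk_end
        pos = chunk_end
    return None


def jpeg_image_end(data: bytes):
    """Walk JPEG marker segments and return the offset just past the EOI marker.

    Entropy-coded data after SOS is skipped up to the next real marker
    (0xFF followed by anything other than 0x00 or an RSTn byte).
    """
    if not data.startswith(b"\xff\xd8"):
        return None
    pos, n = 2, len(data)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:              # EOI: end of image
            return pos + 2
        if marker == 0xFF:              # fill byte, skip it
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn: no length field
            pos += 2
            continue
        if pos + 4 > n:
            return None
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == 0xDA:              # SOS: skip entropy-coded scan data
            while pos + 1 < n:
                if data[pos] == 0xFF and data[pos + 1] != 0x00 and not (0xD0 <= data[pos + 1] <= 0xD7):
                    break
                pos += 1
    return None


# Crude indicators that trailing bytes contain script rather than metadata.
SCRIPT_HINTS = [
    ("script tag", re.compile(rb"<script", re.I)),
    ("eval call", re.compile(rb"\beval\s*\(")),
    ("function keyword", re.compile(rb"\bfunction\s*[\w$]*\s*\(")),
    ("DOM access", re.compile(rb"\b(document|window)\.")),
    ("charcode decoding", re.compile(rb"fromCharCode")),
]


def inspect_image(data: bytes) -> dict:
    """Report container type, trailing byte count and script-like hints in the trailer."""
    if data.startswith(PNG_SIG):
        kind, end = "png", png_image_end(data)
    elif data.startswith(b"\xff\xd8"):
        kind, end = "jpeg", jpeg_image_end(data)
    else:
        return {"kind": "unknown", "malformed": True, "trailing_bytes": 0, "script_hints": []}
    if end is None:
        return {"kind": kind, "malformed": True, "trailing_bytes": 0, "script_hints": []}
    trailing = data[end:]
    hints = [name for name, rx in SCRIPT_HINTS if rx.search(trailing)]
    return {"kind": kind, "malformed": False, "trailing_bytes": len(trailing), "script_hints": hints}


# --- constructed sample inputs (not real AdGholas artifacts) ---
def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


SAMPLE_PNG = (
    PNG_SIG
    + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))  # 1x1 RGB
    + _png_chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00"))
    + _png_chunk(b"IEND", b"")
)
SAMPLE_JPEG = (
    b"\xff\xd8"                      # SOI
    + b"\xff\xe0\x00\x04JF"          # APP0 segment, length 4
    + b"\xff\xda\x00\x02"            # SOS header with no parameters
    + b"\x12\xff\x00\x34\xff\xd0\x56"  # scan data with a stuffed 0xFF00 and an RST0
    + b"\xff\xd9"                    # EOI
)
# Constructed trailer: harmless placeholder text shaped like script, appended after EOI/IEND.
SAMPLE_TRAILER = b"<script>eval(String.fromCharCode(0x41))</script>"

if __name__ == "__main__":
    for label, blob in (("clean png", SAMPLE_PNG),
                        ("png + trailer", SAMPLE_PNG + SAMPLE_TRAILER),
                        ("clean jpeg", SAMPLE_JPEG),
                        ("jpeg + trailer", SAMPLE_JPEG + SAMPLE_TRAILER)):
        print(label, inspect_image(blob))
```

Run the script directly to see the four reports; in a pipeline, any result with `trailing_bytes > 0` and a non-empty `script_hints` list is worth quarantining for manual review, and a `malformed` result is worth a second look too, since a parser that cannot find the end of the image is itself a weak signal.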

Proofpoint researchers estimate that between 10 and 20% of the IP addresses that loaded the ads were redirected to servers hosting exploit kits, web-based attack tools that exploit the most popular applications in order to install malware.

Some key facts about the AdGholas network: it operates at a massive scale, the malware is very advanced and innovative, it uses sophisticated filtering to identify the next victim, and it is highly convincing to victims because the redirect sites avoid suspicion. You can find the full malware analysis at this link:

