Research

The following is a list of articles I have published over the years. A lot of the inspiration comes from my own findings thanks to various tools I build (i.e. crawlers, honeypots). Many of the more recent posts are about malvertising as it happens to be something I enjoy tracking and a trend in the web threat landscape.

2024

• Dozens of Google products targeted by scammers via malicious search ads
• Threat actor impersonates Google via fake ad for Authenticator
• Fake Microsoft Teams for Mac delivers Atomic Stealer
• WorkersDevBackdoor and MadMxShell converge in malvertising campaigns
• Threat actors ride the hype for newly released Arc browser
• A peek inside a malvertising campaign
• Corporate users targeted via malicious ads and modals
• FakeBat campaign continues, now also targeting VMware users
• Bing ad for NordVPN leads to SecTopRAT
• New Go loader pushes Rhadamanthys stealer
• FakeBat delivered via several active malvertising campaigns
• One year later, Rhadamanthys is still dropped via malvertising
• Nitrogen shelling malware from hacked sites
• Malicious ads for restricted messaging applications target Chinese users
• Atomic Stealer rings in the new year with updated version

2023

• New MetaStealer malvertising campaigns
• PikaBot distributed via malicious search ads
• Malvertisers zoom in on cryptocurrencies and initial access
• Associated Press, ESPN, CBS among top sites serving fake virus alerts
• Atomic Stealer distributed to Mac users via fake browser updates
• Credit card skimming on the rise for the holiday shopping season
• Malvertiser copies PC news site to deliver infostealer
• Malvertising via Dynamic Search Ads delivers malware bonanza
• Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
• Clever malvertising attack uses Punycode to look like KeePass’s official website
• The forgotten malvertising campaign

2012-2022

• Previous blogs