The infamous Tag Barnakle malvertising group hacked Revive ad servers to inject malicious ads and display them to unsuspecting visitors.
Most online publishers use hosted advertising platforms such as Google Ad Manager to serve their ads, but some still prefer self-hosted ad platforms for greater control and flexibility over how their ads appear.
One open source self-hosted platform, Revive Adserver, has been around for ten years.
A new report from the advertising company Confiant shows how a malicious advertiser known as Tag Barnakle compromises Revive ad servers en masse to inject its own code into publishers' existing advertising campaigns.
"In recent months, we have seen a wave of malicious ads linked to Revive's advertising material spanning dozens of ad servers, including those owned and operated by publishers and ad networks," Confiant security researcher Eliya Stein explained in an essay.
Stein said that these fake Adobe Flash Player updates install the Shlayer Trojan or other botnet packages on macOS systems.
For Windows users, the sample shared on BleepingComputer installs an adware bundle such as InstallCore, which is known to infect victims with ransomware, information-stealing Trojans, unwanted browser extensions and other malware.
Compromised ad servers have a wide reach
Confiant has seen Tag Barnakle on more than 360 websites, but its reach is much larger because the software is used by smaller ad providers that offer real-time bidding (RTB).
At one hacked RTB ad provider, Confiant saw up to 1.25 million malicious ads appear in a single day.
While it may be tempting to run your own ad servers, doing so also exposes a publisher to the risk of breaches that allow intruders to inject malicious ads.
Therefore, use an open source ad server only if you have the time and staff to stay informed about security updates and can install them quickly once they are released.
If you are a small company with limited staff, it may be wiser to use a hosted solution to avoid these risks.