Hackers Use Chipotle Ad To Spread Malware

Confiant, a cyber security company supporting publishers such as Tribune Media, Internet Brands, Vice Media, Peopleconnect, and Topix, identified what researchers at the company call the “single worst malware redirect attack” to date in 2018.


One in every 200 programmatic impressions acted as a malicious redirect to attack those viewing the ads. An additional three in 200 were fraudulent in-banner video (IBV) impressions, where the publisher’s display inventory was being misrepresented to video advertisers.

The hackers used a Chipotle ad developed in HTML5 to carry out a malware attack on June 11, 2018 that lasted for more than 7.5 hours until the exchange blocked the creative.

The hackers specifically targeted viewers in the U.S., about 65% running iOS and the remainder Android.

Chris Tolles, CEO and cofounder of the publisher Topix, uses Confiant’s technology to prevent redirects and block malware. “People hijack ads and redirect the session without the user doing anything,” he said. “We run ads on Taboola, Outbrain and Facebook, and then in short order they redirect the click to an app store. And we won’t know it at the time.”

Read more at Media Post:  https://www.mediapost.com/publications/article/323446/hackers-use-chipotle-ad-to-spread-malware.html