For months we have been tracking a malvertising campaign that distributes the Cerber ransomware and is linked to the actor behind the Magnitude exploit kit. It will pop up on one ad network, then on another, and come back again ad infinitum (no pun intended). Despite a global slowdown in exploit kit activity, this particular distribution channel has remained active and strong. In this post we take a look at some past and present indicators of compromise that show how fake identities remain an effective way to defeat ad platforms’ security checks (for those that have some anyway). This activity dates back to last year, with Magnitude pushing CryptoWall for a few months before switching to Teslacrypt briefly and finally settling on Cerber. One of this attacker’s favourite spots has been torrent or streaming sites, but also monetized URL shorteners that use a pay per view/click model, where people who open a shortened URL have to wait for an advert to load before getting to their destination.
Created: 2026-02-23
No indicators found.
No CVEs were found in this Pulse.