Hackers Use Adf.ly To Deliver a New Tinba Variant
If you visit adf.ly links often, there is a huge chance that you are infected with a new variant of Tinba banking malware.
Researchers at security firm Malwarebytes have observed the Tinba variant being distributed via the HanJuan Exploit Kit as part of a malvertising attack that involves the advertising and URL shortening service Adf.ly.
When a user visits a malvertised Adf.ly link, the HanJuan EK loads and fires Flash Player (CVE-2015-0359) and Internet Explorer (CVE-2014-1776) exploits. It then drops the banking malware onto the user's disk.
"The payload we collected uses several layers of encryption within the
binary itself but also in its communications with its Command and
Control server. The purpose of this Trojan is information stealing
performed by hooking the browser to act as a man-in-the-middle and grab
passwords and other sensitive data," said Jerome Segura, senior security
researcher at Malwarebytes.
How To Protect Yourself
If you want to protect yourself from malvertising attacks, you should disable Flash Player in web browsers or install Anti-exploit on your computer.
Most importantly, you must install patches and updates regularly.