Telstra News spews banking trojan after malvertising attack

Australia’s dominant telco, Telstra, has been serving one of the world’s most dangerous hacking tools after its news site was infected with malvertising.

Malwarebytes researcher Jerome Segura says the attackers were likely dropping the Tinba trojan, considered to be the world’s smallest malware by file size at about 20kb and one that raids bank accounts.

“The media home page of Australia’s largest telecommunications company, Telstra, was pushing some malvertising similar to the attack we just documented on the PlentyOfFish website,” Segura says.

It is unknown, and difficult to determine, how many users, if any, have been popped, but the best exploit kits, like Nuclear, compromise up to 40 percent of users who encounter them.

Attackers had compromised the media.telstra.com.au/home website through a malicious advertisement. That ad redirects visitors through Google’s URL shortener to a website hosting the Nuclear exploit kit.

The attack is not a hack of the Telstra asset but rather a compromise of the advertising chain through which criminals swindle advertising networks like Google and Yahoo!.

The Nuclear exploit kit is the second most popular off-the-shelf hacking box behind the Angler exploit kit. It contains exploits for the latest vulnerabilities in runtime environments like Adobe Flash and in browsers such as Internet Explorer.

Net scum use these kits to speed up and improve the delivery of payloads such as Tinba.

Source: http://www.theregister.co.uk/
