Malvertising strikes Gumtree

By on
Malvertising strikes Gumtree

Popular classified advertising site Gumtree was hit with a malvertising attack, according to Malwarebytes Labs.

According to Malwarebytes researchers, miscreants penetrated the network of an Australian legal firm and put up a phony version of its site that appeared legitimate, but actually contained a fraudulent subdomain off its main server. 

Gumtree, a subsidiary of eBay, receives 48 million monthly visits and is popular in the UK, Australia and South Africa.

The criminals cut and pasted the firm's logo and some text from the legitimate site and fashioned what appeared to be a typical ad banner. They then contacted ad networks to inquire about advertising.

Anyone clicking on the bogus, malvertising-laden ad would be vulnerable to receiving the Angler exploit kit, which typically injects different payloads, including ransomware or banking trojans.

Researchers detected a fingerprinting approach – that had been observed previously – capable of avoiding security tools or network packet captures.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


What's your reaction to Microsoft shifting Azure prices into $US?
Upset that we'll pay more
We'll manage it, but wish prices were consistent
Not a problem - we already purchase in $US
We'll move to other clouds
View poll archive

Log In

Username / Email:
  |  Forgot your password?