Popular classified advertising site Gumtree was hit with a malvertising attack, according to Malwarebytes Labs.
According to Malwarebytes researchers, miscreants penetrated the network of an Australian legal firm and put up a phony version of its site that appeared legitimate, but actually contained a fraudulent subdomain off its main server.
Gumtree, a subsidiary of eBay, receives 48 million monthly visits and is popular in the UK, Australia and South Africa.
The criminals cut and pasted the firm's logo and some text from the legitimate site and fashioned what appeared to be a typical ad banner. They then contacted ad networks to inquire about advertising.
Anyone clicking on the bogus, malvertising-laden ad would be vulnerable to receiving the Angler exploit kit, which typically injects different payloads, including ransomware or banking trojans.
Researchers detected a fingerprinting approach – that had been observed previously – capable of avoiding security tools or network packet captures.