Wednesday, March 26, 2025
HomeTHREATSA Malvertiser called "RoughTed" Bypass Ad-blocker and Get Half a Billion visits...

A Malvertiser called “RoughTed” Bypass Ad-blocker and Get Half a Billion visits in 3 Months

Published on

SIEM as a Service

Follow Us on Google News

A Malvertiser called “RoughTed” Successfully Bypass the Ad-Blockers and Delivery Malicious  Payloads into the visitors Operating Systems and Browsers which is used to visit the “RoughTed” Malvertiser Contain websites.

RoughTed used to Generate a huge amount of traffic by Bypass the Ad-Blockers and it contains many malicious Payloads to inject into visitors host.

RoughTed related domains used to generate half a billion hits and many successful Compromises has been identified within 3 months and Traffic comes from thousands of publishers, some ranked in Alexa’s top 500 websites by Malwarebytes Research Team.

Malvertiser Using Content Delivery Network (CDN)(Distributed network of proxy servers) to Bypass the tracking  and multiple ad redirections from several ad exchanges  which  makes more difficult to identify the source of their malvertising activity.

This malvertising campaign traffic generated by displaying ads in more than 1000 of Websites and it redirect into a Malicious site that contains Malicious  Payloads to distribute across the  visitors Operating Systems and Browsers.

Redirection Chain Process

According to Malwarebytes Researchers, a Domain Called roughted[.]com performing a redirection chain by using “Magnitude exploit kit via its pre-filtering gate”.

               roughted.com/?&tid=645131&red=1&abt=0&v=1.10.59.18

The majority of the Malicious  Domain which is used by Malvertiser has been created via the EvoPlus registrar.

These domains are used by Malvertiser as a gateway used to bypass ad-blockers.

Afer few Days research was done by malwarebytes team, they find few more same URL structure which is same as  roughted[.]com structure which I Mentioned above.

Image source: Malwarebytes

RoughTed Spreading to Publishers

Publisher providers of content (news, media files, etc.) which drive people to visit them regularly and paid to the Registered user who all are willing to advertise the ads in their Website.

There are top some top Ranking Publishers are being used for the RoughTed battle originates from gushing video or record sharing locales intently entwined with URL shorteners.

Visitors to these sites are targeted with ads and in some cases, some that belong to the RoughTed campaign. Malwarebytes said

These Domains are ranking in below 1000 in Alexa Record.

Important Highlights by Malwarebytes

  • Traffic comes from thousands of publishers, some ranked in Alexa’s top 500 websites.
  • RoughTed domains accumulated over half a billion visits in the past 3 months alone.
  • Threat actors are leveraging fingerprinting and ad-blocker bypassing techniques upstream.
  • RoughTed can deliver a variety of payloads for each platform: scams, exploit kits, and malware.

you can Visit Malwarebytes for full Technical Writeup.

Also Read

Trend Micro ServerProtect Contains Multiple Critical Arbitrary Code Execution Vulnerabilities including XSS and CSRF

Android Application Penetration Testing Part – 4

200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

New Chrome Installer Fails on Windows 10 & 11 With “This app can’t run on your PC” Error

A recent snag in Google's Chrome distribution process has left Windows users unable to...

North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks

Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT...

Critical NetApp SnapCenter Server Vulnerability Allows Attackers to Gain Admin Access

A critical vulnerability has been identified in NetApp's SnapCenter Server, affecting versions before 6.0.1P1...

Raspberry Robin Unveils 200 Unique Domains Used by Threat Actors

In a significant development, cybersecurity firm Silent Push has identified nearly 200 unique command...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Raspberry Robin Unveils 200 Unique Domains Used by Threat Actors

In a significant development, cybersecurity firm Silent Push has identified nearly 200 unique command...

Banking Malware Infects 248,000 Mobile Users Through Social Engineering Techniques

In 2024, the number of users affected by mobile banking malware skyrocketed to nearly...

CleanStack: Dual-Stack Solution to Defend Against Memory Corruption Attacks

CleanStack is a novel stack protection mechanism designed to combat memory corruption attacks, which...