Posted: April 26, 2016

Magnitude EK strikes again, this time on The Pirate Bay, and drops the Cerber Ransomware.

Popular torrent site The Pirate Bay was serving ransomware via a malvertising attack this weekend. The questionable advertiser was using a ‘pop-under’ to silently redirect users to the Magnitude exploit kit and infect them with the Cerber ransomware.

This is part of the same Magnitude EK malvertising campaigns we have documented previously on this blog. The ad network changes (Traffic Holder in this case), but the modus operandi remains the same.

Flow:

Publisher: thepiratebay.se

Malvertising:
  Advertiser: traffic.adxprts.com/?placement=[redacted]&redirect
  delivery.adxprts.com/delivery.php?url=http%3A%2F%2Ftrafficholder.com%2Fin%2Fpop.php%3Fpenthubcom
  Ad network: trafficholder.com/in/pop.php?penthubcom

Magnitude EK Gates:
  gamesheep.me
  veronagames.me
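To look for the redirect chain above in your own proxy logs, the following added example (not part of the original post) decodes the nested `url=` redirect parameter and walks Referer values back from a gate hit to the publisher. The log records are constructed, and the assumption that every hop carries a Referer belongs to the example, not to the post.

```python
from urllib.parse import urlsplit, parse_qsl

# Gate domains named in this post.
MAGNITUDE_GATES = {"gamesheep.me", "veronagames.me"}

DELIVERY = ("http://delivery.adxprts.com/delivery.php"
            "?url=http%3A%2F%2Ftrafficholder.com%2Fin%2Fpop.php%3Fpenthubcom")
# Constructed proxy-log records as (url, referer). REDACTED stands in for the
# placement value the post redacts; schemes and bare "/" paths are assumed.
SAMPLE_LOG = [
    ("http://traffic.adxprts.com/?placement=REDACTED&redirect", "http://thepiratebay.se/"),
    (DELIVERY, "http://traffic.adxprts.com/?placement=REDACTED&redirect"),
    ("http://trafficholder.com/in/pop.php?penthubcom", DELIVERY),
    ("http://gamesheep.me/", "http://trafficholder.com/in/pop.php?penthubcom"),
    ("http://example.org/style.css", "http://example.org/"),  # unrelated traffic
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def embedded_targets(url):
    """Hosts of URLs carried inside query parameters (delivery.php?url=...)."""
    found = []
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            found.append(host(value))
            found.extend(embedded_targets(value))  # redirectors can be nested
    return found

def chains_to_gates(log, gates=MAGNITUDE_GATES):
    """For each request to a gate, follow Referer links back to the first page."""
    referer_of = {url: ref for url, ref in log}
    chains = []
    for url, ref in log:
        if host(url) not in gates:
            continue
        chain, seen = [host(url)], {url}
        while ref and ref not in seen:  # 'seen' guards against referer loops
            seen.add(ref)
            chain.append(host(ref))
            ref = referer_of.get(ref)
        chains.append(chain[::-1])  # publisher first, gate last
    return chains

if __name__ == "__main__":
    print("embedded redirect:", embedded_targets(DELIVERY))
    for chain in chains_to_gates(SAMPLE_LOG):
        print(" -> ".join(chain))
```
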



Magnitude EK:

Malwarebytes Anti-Exploit blocks this attack.

RiskIQ also spotted the same advertiser pushing fake software. That domain has now been obliterated by CloudFlare.