Malwarebytes specialists have noticed a new scam tactic that makes intrusive ads even harder to close. Criminals often resort to various tricks to force the victim to perform certain actions: locking the user on the page and preventing them from closing the tab, loading the victim's processor to 100% so that they believe something is wrong with the computer, and so on.
In the campaign found by Malwarebytes experts, attackers force the user to click on an advertisement that appears in a pop-up window. To do this, the fraudsters use dynamic CSS code that tracks the mouse cursor: when the user moves the cursor to the close button of the intrusive window, the banner moves exactly under the cursor a few milliseconds before the click. As a result, the victim clicks on the advertisement instead of closing the window. A demonstration of this trick in action can be seen in the animation published by the researchers.
Experts write that this tactic is used by, among others, one of the hacker groups that recently exploited 0-day vulnerabilities in popular WordPress plugins. The hackers use the sites compromised in this way for several purposes: some of the traffic is redirected to fake technical support resources, another part goes to sites with malicious and fraudulent advertising (it is on such resources that banners literally dodge being closed), and users can also be directed to online stores infected with software skimmers, malware for stealing bank card data.
It is noted that the scammers' new trick can be bypassed with a regular ad blocker, which should in any case prevent the advertising banner itself from loading, even if it cannot handle the hackers' CSS code.
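For defenders who want to spot this behaviour in recorded page telemetry, the following added example (not code from Malwarebytes or from the campaign) flags clicks that landed on an element which moved under the pointer shortly before the click. The record shapes, the function names and the 150 ms window are assumptions, and the sample trace is constructed.

```javascript
// Added example: flag clicks that hit an element which jumped under the pointer.
// Record shapes, names and the 150 ms window are assumptions, not from the article.
const MOVE_WINDOW_MS = 150;

// True when the point (x, y) lies inside the rectangle.
function contains(rect, x, y) {
  return x >= rect.left && x <= rect.right && y >= rect.top && y <= rect.bottom;
}

// moves:  [{ t, id, from: rect, to: rect }]  layout changes, t in milliseconds
// clicks: [{ t, x, y, targetId }]            pointer clicks and the element they hit
function findHijackedClicks(moves, clicks, windowMs = MOVE_WINDOW_MS) {
  const flagged = [];
  for (const click of clicks) {
    const move = moves.find((m) => {
      const age = click.t - m.t;
      return m.id === click.targetId &&
        age >= 0 && age <= windowMs &&
        !contains(m.from, click.x, click.y) && // pointer was not over it before
        contains(m.to, click.x, click.y);      // and is over it after the move
    });
    if (move) {
      flagged.push({ targetId: click.targetId, movedMsBeforeClick: click.t - move.t });
    }
  }
  return flagged;
}

// Constructed sample trace (not captured from a real page).
const sampleMoves = [
  { t: 200, id: 'carousel',
    from: { left: 0, top: 600, right: 200, bottom: 700 },
    to: { left: 0, top: 350, right: 200, bottom: 450 } },
  { t: 1000, id: 'ad-banner',
    from: { left: 0, top: 300, right: 300, bottom: 550 },
    to: { left: 560, top: 0, right: 860, bottom: 250 } },
];
const sampleClicks = [
  { t: 1040, x: 600, y: 20, targetId: 'ad-banner' },  // banner moved 40 ms earlier
  { t: 5000, x: 100, y: 400, targetId: 'carousel' },  // moved long before the click
  { t: 6000, x: 600, y: 20, targetId: 'close-btn' },  // element never moved
];

console.log(findHijackedClicks(sampleMoves, sampleClicks));
```

Only the first sample click is flagged; the carousel click is ignored because the element moved well outside the window.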