Telstra News spews banking trojan after malvertising attack
Not Telstra's fault, but not a good look for the Big T either
Australia's dominant telco, Telstra, has been serving one of the world's most dangerous hacking tools after its news site was infected with malvertising.
Malwarebytes researcher Jerome Segura says the attackers were likely dropping the Tinba trojan, considered to be the world's smallest malware by file size at about 20kb and one that raids bank accounts.
“The media home page of Australia’s largest telecommunications company, Telstra, was pushing some malvertising similar to the attack we just documented on the PlentyOfFish website,” Segura says.
It is unknown, and difficult to determine, how many users, if any, have been popped, but the best exploit kits, like Nuclear, compromise up to 40 percent of the users who encounter them.
Attackers had compromised the media.telstra.com.au/home website through a malicious advertisement. That ad redirects visitors through Google's URL shortener to a website hosting the Nuclear exploit kit.
The attack is not a hack of the Telstra asset but rather a compromise of the advertising chain through which criminals swindle advertising networks like Google and Yahoo!.
The Nuclear exploit kit is the second most popular off-the-shelf hacking box behind the Angler exploit kit. It contains the latest vulnerabilities for runtime environments like Adobe Flash and for browsers such as Internet Explorer.
Net scum use these kits to speed up and improve the delivery of payloads such as Tinba. ®