Malvertising attack hit The Economist, anti-ad blocking service PageFair hacked

Pierluigi Paganini November 08, 2015

PageFair, the anti-ad blocking analytics service used by The Economist’s was hacked on Halloween and the attackers used it to serve malware.

On Halloween, hackers have compromised the anti-ad blocking service PageFair used by The Economist exposing readers to malware infections.

PageFair allows publishers to measure how many visitors block their ads, users who visited The Economist’s website from October 31 to early hours of November 1 may have installed a keylogger disguised as an Adobe update onto their machines.

“On Oct. 31, 2015, one of’s vendors, PageFair, was hacked. If you visited at any time between Oct. 31, 23:52 GMT and Nov. 1, 01:15 GMT, using Windows OS and you do not have trusted anti-virus software installed, it is possible that malware, disguised as an Adobe update, was downloaded onto your PC. If you accepted what looked like an Adobe update when you visited,” states a security advisory published by The Economist.

The Economist hired a security firm to investigate the attack, the experts confirmed that the malware used by the threat actors is a Windows keylogger, it is likely attackers were interested in obtaining visitors’ personal data, including login credentials. 

the economist

The Economist confirmed that the company systems have not been compromised by the hacker that instead exploited the anti-ad blocking service PageFair.

Charles Barber, a spokesperson for the publication, told Quartz that only a limited number of visitors have been infected according to data provided by PageFair.

PageFair confirmed that its analytics network has been exploited to serve the malware for about 80, the malvertising attack was discovered after five minutes, but the company spent more than a hour to halt the attack.

“It is now six days since one of our CDNs was compromised for 83 minutes by a hacker.  We have worked hard this week to analyse and disclose what happened to our clients and the world. Thanks to the cooperation of the NanoCore author and the dynamic DNS service Dyno, whatever access the hacker had to infected computers was shut down on Tuesday. In addition, for the last 4 days over 90% of antivirus tools (by market share) are detecting and cleaning the malware.” states PageFair in a official statementIf you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,” PageFair CEO Sean Blanchfield told MediaPost. “The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems.”

The Economist is just one of the 501 publishers that were affected by the security breach and 2.3% of their visitors were placed at risk,.

The Economist provided the following suggestions to its readers:

  1. Change your passwords on all systems
  2. Contact your financial providers and check bank and credit card statements for unusual activity
  3. Run anti-virus software from a reputable provider. We recommend the following:
    • Windows Defender (if you have Windows 10 or 8.1)
    • Microsoft Security Essentials (if you have Windows 7 or Windows Vista)
    • Avast (free)
    • Malwarebytes (free)
  1. Download and install the tool.
  2. Run a full system scan.
  3. The malware should be identified and removed.

Pierluigi Paganini

(Security Affairs –The Economist, malvertising)

you might also like

leave a comment