PageFair, the anti-ad blocking analytics service used by The Economist’s was hacked on Halloween and the attackers used it to serve malware.
PageFair allows publishers to measure how many visitors block their ads, users who visited The Economist’s website from October 31 to early hours of November 1 may have installed a keylogger disguised as an Adobe update onto their machines.
“On Oct. 31, 2015, one of economist.com’s vendors, PageFair, was hacked. If you visited economist.com at any time between Oct. 31, 23:52 GMT and Nov. 1, 01:15 GMT, using Windows OS and you do not have trusted anti-virus software installed, it is possible that malware, disguised as an Adobe update, was downloaded onto your PC. If you accepted what looked like an Adobe update when you visited economist.com,” states a security advisory published by The Economist.
The Economist hired a security firm to investigate the attack, the experts confirmed that the malware used by the threat actors is a Windows keylogger, it is likely attackers were interested in obtaining visitors’ personal data, including login credentials.
The Economist confirmed that the company systems have not been compromised by the hacker that instead exploited the anti-ad blocking service PageFair.
Charles Barber, a spokesperson for the publication, told Quartz that only a limited number of visitors have been infected according to data provided by PageFair.
PageFair confirmed that its analytics network has been exploited to serve the malware for about 80, the malvertising attack was discovered after five minutes, but the company spent more than a hour to halt the attack.
“It is now six days since one of our CDNs was compromised for 83 minutes by a hacker. We have worked hard this week to analyse and disclose what happened to our clients and the world. Thanks to the cooperation of the NanoCore author and the dynamic DNS service Dyno, whatever access the hacker had to infected computers was shut down on Tuesday. In addition, for the last 4 days over 90% of antivirus tools (by market share) are detecting and cleaning the malware.” states PageFair in a official statement. “If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now,” PageFair CEO Sean Blanchfield told MediaPost. “The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems.”
The Economist is just one of the 501 publishers that were affected by the security breach and 2.3% of their visitors were placed at risk,.
The Economist provided the following suggestions to its readers:
- Change your passwords on all systems
- Contact your financial providers and check bank and credit card statements for unusual activity
- Run anti-virus software from a reputable provider. We recommend the following:
- Windows Defender (if you have Windows 10 or 8.1)
- Microsoft Security Essentials (if you have Windows 7 or Windows Vista)
- Avast (free)
- Malwarebytes (free)
- Download and install the tool.
- Run a full system scan.
- The malware should be identified and removed.
(Security Affairs –The Economist, malvertising)
Share On
