A rogue advertiser abused the Taggify self-serve ad platform to inject malware-installing code into browsers visiting the websites of two US TV stations.
The ads were then served via the Taggify network to web surfers who visited domain registrar GoDaddy and CBS affiliated TV stations WBTV in Charlotte, North Carolina, and KMOV in St Louis.
In this case, the web domain name used by the malvertisers was parked, meaning its name was registered but it was serving no relevant content, while one of its subdomains hosted the ads. A GoDaddy DNS account was hijacked to set up this arrangement.
Malwarebytes is due to publish more details on the malvertising scam, unravelled by crack security researcher Jerome Segura, on its blog today. ®