
​Malvertising campaign targeting accountants distributes six different malware families

  • This malvertising campaign targeted Russian organizations with the aim of compromising accountants’ computers.
  • The six malware families involved include the Buhtrap banking trojan, the RTM banking trojan, the Clipbanker trojan, VegaLocker ransomware, and cryptocurrency miners.

ESET researchers have observed a new malvertising campaign that leverages Yandex.Direct network to distribute malware onto victims’ computers and steal cryptocurrency. Yandex.Direct is an online advertising network based in Russia.

Who are the targets?

This malvertising campaign mainly targeted Russian organizations to compromise accountants’ computers.

How does the malvertising campaign work?

  • Malicious ads are posted on the Yandex.Direct ad network; victims who click on them are redirected to malicious websites.
  • These websites link to a GitHub repository that hosts the malicious files.
  • The hosted files are either an empty zip file or a clean executable.
  • These malicious files distribute six different malware families, including the Buhtrap banking trojan, the RTM banking trojan, the Clipbanker trojan, VegaLocker ransomware, and cryptocurrency miners.

Worth noting

Attackers posted malicious ads through the Yandex.Direct service to websites that were likely to be visited by accountants searching for specific terms such as ‘download invoice template’, ‘claim complaint example’, ‘contract example’, ‘contract form’, ‘judicial petition example’, and more.

Multiple code-signing certificates

The malware payloads were signed with multiple code-signing certificates. However, the attackers did not consistently sign the binaries they pushed to the git repository. The attackers also used invalid signatures made with a certificate belonging to Google for which they did not hold the private key.

What’s the response?

Researchers notified Yandex about the campaign, and the company has removed the malvertising campaign from its advertising network.

“This campaign is a good example of how legitimate ad services can be abused to distribute malware. While this campaign specifically targets Russian organizations, we wouldn’t be surprised if such a scheme were used abusing non-Russian ad services. To avoid being caught by such a scam, users should always make sure the source from where they download software is a well-known, reputable software distributor,” ESET researchers said in a blog.
