Lightbox adware redirects mobile users to random sites

  • The redirected sites include pages related to viral apps or just random tech articles.
  • If the visitor chooses to install any of these apps, they are taken to the respective official store’s webpage.

An external script has been found redirecting visitors to several random sites. This script is frequently used by various webmasters to provide easy Lightbox functionalities on their websites.

Dissecting the malicious script

According to the researchers from Sucuri, the issue came to light after visitors were redirected to random sites while accessing a site via mobile. During the investigation, it was discovered that the installed script made a call to another script and redirected mobile users to a link (below).

hxxp://click[.]thebestoffer[.]gq/?utm_medium=6a9d4be48f9dd74ece2547f9a7d3ed068107809c&utm_campaign=js_1&1=&2=

What next?

Once users fall prey to the URL redirection attack, then they would be bombarded with various random pages related to viral apps or just random tech articles. If the visitor chooses to install any of these apps, they are taken to the respective official store’s webpage.

After a while, the script changes into a different campaign and redirects the visitors to another shady looking page https[:]//you.1gowest[.]top/?utm_medium=87e4ad4e587d6a3c668e4dda57a31ea60a0235b2&utm_campaign=1gowest.

So far, there has been no evidence of extremely malicious happening through the script.

Threat actors often implement this type of technique to generate revenue on the downloaded tool, app or script. Therefore, it is very necessary for webmasters to be cautious while adding external assets to their websites.