Jump to content

Threatpost the cybersecurity blog serving up malicious redirects?


brad03
 Share

Recommended Posts

I love reading up on the latest, security news like many others. when reading threatposts, blog on my iPhone i continue to be redirected to a site that says my "iPhone has been infected" (which i know better to fall for) Malwarebytes, does block the sites but i do not have the software on my iPhone. I know for sure that my iPhone is 100% clean can anyone else confirm these redirects on this blog through iPhone or other operating systems? I have contacted threatpost to report the issue today as i feel this is concerning to users security. P.S i hope this is the right section i have posted in. Happy holidays to all!       

Link to post
Share on other sites

No I have stated that in my above comment that I was not. I also know my phone is not infected. But would appreciate it if another researcher or malwarebytes staff could confirm that iPhones are being redirected to malicious sites. It’s just a typicall you’re device is infected redirection. 

Link to post
Share on other sites

8 minutes ago, brad03 said:

No I have stated that in my above comment that I was not. I also know my phone is not infected. But would appreciate it if another researcher or malwarebytes staff could confirm that iPhones are being redirected to malicious sites. It’s just a typicall you’re device is infected redirection. 

Oh okay. sorry I missed that in the first post for some reason as I was on there website checking around and like @exile360 said hopefully they can clean the embedded ads cleaned up. Thanks for the headsup!

  • Thanks 1
Link to post
Share on other sites

30 minutes ago, Hardhead said:

Oh I know why I'm not seeing it as I have a VPN that is probably blocking it on my second iPhone... Duhhh 😛

I wish i did not close out of it but I'm going to spend the rest of my night trying to replicate the issue again. threatpost has not responded yet as soon as i come across he link again i will post it to you in (code format)  it will eventually show up again this has went undetected by them for some time i feel....  

Link to post
Share on other sites

2 minutes ago, brad03 said:

I wish i did not close out of it but I'm going to spend the rest of my night trying to replicate the issue again. threatpost has not responded yet as soon as i come across he link again i will post it to you in (code format)  it will eventually show up again this has went undetected by them for some time i feel....  

Yes that would be cool and I could disable my VPN and see if I can duplicate the ad too. Let me know if you find anything Much appreciated @brad03😉

  • Thanks 1
Link to post
Share on other sites

threatpost has reached out about the redirections if any malwarebytes staff would like to give them any info on what they collected from the url. i am actively working with them in trying to locate this issue.  

Edited by brad03
Link to post
Share on other sites

  • Staff

I suspect all they'll be able to do is determine the exact URL of the ad then report it to whoever their partner/provider for ads on their site is (usually Google for most sites, though there are others), then the ad provider will likely need to verify it on their end and drop that ad/advertiser from their rotation/service.  I'm not sure what more useful info Malwarebytes could provide, especially since the maliciousness of the ad is pretty obvious/not obfuscated as something more sneaky like an exploit or cryptocurrency miner would be.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.