The mysterious "you're iphone has been infected AD poisonings"

[brad03]

A few weeks ago i reported that a cybersecurity news/media site Threatpost had been serving up malicious advertisement redirections. Now it appears that an actual local news company has also been affected by a similar incident. Threatpost has fixed this issue but i have also reported this issue to WHDH and they are still affected. The problem is these ad poisonings are very hard to reproduce and will not happen every time you click an article or link. I have tried all i can do to warn them but unfortunately these redirects are still happening.       

Edited February 11, 2021 by brad03

[David H. Lipman]

These are classed as malicious advertisements or malvertisements.  They can be on specific web sites or are generated as a Push Notification

If you are on an Apple iPhone or MAC, you will see a malvertisement geared for Apple.  It could be an Apple FakeAlert or a Safari software update.  The malvertiser may use your IP address and push some content associated with your ISP such as a fake survey of that ISP's service.  If you are on a Windows PC it may use the User-Agent to push a fake Firefox update or a Microsoft FakeAlert.

Web sites want revenue.  They may contract to a legitimate advertising agent.  However, they may in turn subcontract to not so legitimate advertiser.  Then there are sites that don't care who they do business with when it comes to advertisement revenue.  Or when one marketing company outsources to another.  Then the malvertisement may be rotated in or randomly displayed.  As I have explained in other discussions I have seen fake Mozilla Firefox malvertisements emanating from the Weather Channel web site.

There was a case where Forum members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert.  The reports were few and reproducing it was difficult but finally I was able to coax a Microsoft FakeAlert from a visitation. It was all discussed in This Thread.  Reference: Post #20

 

Edited February 11, 2021 by David H. Lipman
Edited for content, clarity, spelling and grammar

[brad03]

Yup for sure it's very hard to track down i wish WHDH channel 7 the best of luck but at this point we try all we can do. 

[brad03]

The next time i am redirected i will gather the link and submit it for the research team.  

[Amaroq_Starwind]

We should write a bot that patrols websites using various user agent strings, and uses mechanisms to detect FakeAlerts and/or trace them back to their source.