Anti-Ad Blocker Gets Hacked: Users Vulnerable to Malware after PageFair Hack

PageFair confirmed a hack last Halloween weekend that rendered users who visited 501 unnamed sites that used its free analytics service vulnerable to malware attacks. Hackers successfully compromised the three-year-old Ireland-based startup by making use of malicious JavaScript code injected into websites that ran the firm’s core service.

This means that online users visiting affected sites from a Windows computer between 11:52 P.M. and 1:15 A.M. GMT last Saturday were likely exposed to risk, but would only be affected if they clicked on a link masquerading as an Adobe Flash update.

On Sunday, November 1, CEO Sean Blanchfield addressed the incident with a blog entry accounting how the hack took place and the measures that were undertaken to mitigate damage caused by the breach. He wrote, “The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems. We identified the breach immediately, but it still took over 80 minutes to fully shut it down.  During this time, visitors to websites owned by the publishers who have placed their trust in us were targeted by these hackers.”

Following a spearphishing attack that gave hackers access to a key email account, a password reset was performed to hijack PageFair’s account via a Content Distribution Network (CDN) service used in serving the analytics’ Javascript tag. “They modified the CDN settings so that instead of serving PageFair's JavaScript, it served malicious JavaScript. This intentionally harmful JavaScript prompted visitors to install a fake Adobe Flash update, which appears to be a botnet Trojan that targets Windows. Although many virus scanners will have prevented this file from executing, others may not have been able to correctly detect it.”

Blanchfield added that only a fraction of the 3,000 publishers operating with PageFair were attacked, and that most of the publishers affected during the 83-minute period are small—60% of which has less than one million page views on a monthly basis, and 90% with page views barely reaching ten million page views per month. However, PageFair highlighted that every publisher, big or small, are of utmost value to them and vowed to take steps to prevent incidents like this from happening again.

Publishers go to PageFair to effectively measure the cost of ad-blocking and to display alternative, non-intrusive advertising to ad blockers because they “personally experienced the damage ad blocking can do to a website.”

In our 2016 Security Predictions, Trend Micro experts believe that ad-blocking will lead to the reformation of the advertising business model, which would propel advertisers to seek new ways to get their advertisements out. It is apparent that the growing aversion of online users to unwanted ads is fueling the popularity of ad blockers, where users are no longer just “annoyed” by ads but are fully aware of the risks they pose. The firm, however, believes that the rising popularity of ad-blocking services is leading to the death of quality free websites. It supports its claims by saying, “At PageFair, we want to help create a more sustainable advertising ecosystem, one in which publishers can focus on loyalty and engagement instead of traffic and clicks, and make money without depleting their audience's goodwill.”

A number of media experts have said that it was only a matter of time before an attack like this would take place. The nature of services that the company provides makes them a viable target to those who are on the opposite side of the spectrum, believing that they have every right to block ads and “not be tracked online”.

In its latest update last November 2, PageFair shared an estimate that only 2.3% of visitors to the affected publishers would have been hit by the infection.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.