# HookAds Malvertising Installing Malware via the Fallout Exploit Kit **[bleepingcomputer.com/news/security/hookads-malvertising-installing-malware-via-the-fallout-exploit-kit/](https://www.bleepingcomputer.com/news/security/hookads-malvertising-installing-malware-via-the-fallout-exploit-kit/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) November 13, 2018 03:30 AM 0 The HookAds malvertising campaign has been active lately and redirecting visitors to the Fallout Exploit Kit. Once the kit is activated, it will attempt to exploit known vulnerabilities in Windows to install different malware such as the DanaBot banking Trojan, the Nocturnal information stealer, and GlobeImposter ransomware. HookAds is a malvertising campaign that purchases cheap ad space on low quality ad networks commonly used by adult web sites, online games, or blackhat seo sites. These ads will include JavaScript that redirects a visitor through a serious of decoy sites that look like pages filled with native advertisements, online games, or other low quality pages. Under the right circumstances, a visitor will silently load the Fallout exploit kit, which will try and install its malware payload. You can see an example of one of the decoy sites discovered last week by exploit kit expert [nao_sec below.](https://twitter.com/nao_sec) ----- **Example HookAds Decoy Site** According to nao_sec, these two campaigns were discovered last week with one [campaign being on November 8th that was distributing the DanaBot password stealing](https://www.bleepingcomputer.com/news/security/danabot-banking-malware-now-targeting-banks-in-the-us/) [Trojan and another campaign on November 10th that was installing the Nocturnal stealer](https://traffic.moe/2018/11/10/index.html) and the GlobeImposter ransomware. **Fiddler Traffic showing Redirects from HookAds campaign** If the redirected user is running Internet Explorer, the Fallout Exploit Kit will attempt to [exploit the Windows CVE-2018-8174 VBScript vulnerability to install the payload.](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174) Therefore, it is very important that users make sure to have all available Windows security updates installed in order to protect themselves from known vulnerabilities. ## Related Articles: [New ChromeLoader malware surge threatens browsers worldwide](https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/) [RIG Exploit Kit drops RedLine malware via Internet Explorer bug](https://www.bleepingcomputer.com/news/security/rig-exploit-kit-drops-redline-malware-via-internet-explorer-bug/) [DanaBot](https://www.bleepingcomputer.com/tag/danabot/) [Exploit Kit](https://www.bleepingcomputer.com/tag/exploit-kit/) [Fallout Exploit Kit](https://www.bleepingcomputer.com/tag/fallout-exploit-kit/) [GlobeImposter](https://www.bleepingcomputer.com/tag/globeimposter/) [HookAds](https://www.bleepingcomputer.com/tag/hookads/) ----- [Malvertising](https://www.bleepingcomputer.com/tag/malvertising/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/security/the-intel-microcode-boot-loader-protects-older-cpus-from-spectre/) [Next Article](https://www.bleepingcomputer.com/news/security/google-services-unreachable-after-traffic-hijacking/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ## You may also like: -----