Malware Targets Well-Known Publishers and Slips Through Their Blockers

The Media Trust Digital Security & Operations (DSO) team detected and thwarted a malicious campaign that used advanced and delivery patterns to evade signature-based defenses often used by publishers. Named Ghostcat-3PC by the DSO, the malware powering this recent attack ran behind the scenes to slip through conventional blockers in order to hijack mobile browser sessions in the U.S. and Europe. Over the course of three months, the team discovered more than 130 distinct outbreaks related to this attack that affected hundreds of well-known publishers.