Assessment: We’ve started tracking a signature that looks to be attempting to do video stuffing.

Additional Details:  Currently, only a handful of publishers have been impacted, but we're continuing to monitor this campaign.

Assessment: Ongoing malicious activity leveraging websockets - to fingerprint a user’s browser and load additional known malicious domains - attached to legit creative scripts. Affected platforms: Sizmek and AOL/AdTech

Additional Details: To date, over 1M ads have been impacted and blocked across Ad Lightning’s partners

Assessment:  Small uptick in redirect activity originating from the Avazu platform targeting iOS users on iPhone and iPad Safari.

Additional Details:  Signature has been identified and blocked across 30+% of  Ad Lightning's clients.

Assessment:  Two additional active threats have been identified and blocked. 

• Campaign #1:  Two separate creatives have been hijacked by what appears to be a fraudulent Appnexus "reseller", causing redirects across various Publishers.  Campaigns are heavily targeted towards iPad/Safari and are utilizing the images below.
• Campaign #2:  Three new malicious signatures have been identified that follow similar patterns of obfuscated code attached to legit creative payloads, driving unwanted behaviors for iPhone users.  Originating DSP for this campaign has primarily been identified as AdMixer.

Additional Details:  To date, 1M ads have been impacted across Ad Lightning's partners.

Assessment:  Emerging redirect campaign detected and blocked.  The ads are loading a malicious cloudfront script that subsequently loads fingerprinting logic to determine if the user is on a mobile device, and will perform a redirect if it's an iPhone.  If not, it's loading the hijacked ad campaign below.

Additional Details:  Campaign has been targeted to US residents only.  Primarily one SSP appears to be impacted.  Originating DSP is PocketMath.