Malvertisement Used to Change Router DNS Settings

A rogue advertisement injected into a large online advertising network is being used to deliver a payload for changing the DNS (Domain Name System) settings of home routers.

An attack that leverages ads from a third-party service displayed on websites is called malvertising. It is usually carried out by including a redirect to an online location, either compromised or under the control of the cybercriminals, which serves a malicious payload.

However, in the incident observed by Sucuri, the bad actor injected the payload directly into the advertisement, which is delivered to websites through a domain owned by Google and used to store and load advertisement content and resources for Google AdSense.

