A highly sophisticated attack has been carried out on millions of users via hundreds of websites including Amazon, YouTube and Yahoo using a malicious advertising network.
The attack was discovered by researchers working for Cisco. Dubbed "Kyle and Stan", malicious adverts appearing on the website trigger a download that affects Windows and Mac users, according to Armin Pelkmann, a Cisco threat researcher.
Pelkmann said the network uses "the enormous reach of well-placed malicious advertisements on very well-known websites in order to potentially reach millions of users."
"The goal is to infect Windows and Mac users alike with spyware, adware and browser hijackers. It is not too far-fetched that other kinds of malware are being used as well."
The malware got its name because the monikers "Kyle and Stan" appear in the subdomains of more than 700 websites the hackers set up to distribute the virus.
Cisco said the 700 domains currently in use were "just the tip of the iceberg".
"The large number of domains allows the attackers to use a certain domain just for a very short time, burn it and move on to use another one for future attacks," said Pelkmann in a blog post. "This helps avoiding reputation and blacklist based security solutions."
"We are facing a very robust and well-engineered malware delivery network that won't be taken down until the minds behind this are identified."
Around 10,000 users connected to the network during Cisco's investigations and the malvertising targeted only a small number of firms that supply ads to websites.
"If an attacker can get one of those major advertisement networks to display an advertisement with a malicious payload just for a few minutes without being detected, then countless machines can be infected by such an attack," he said.
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
Cisco ASA customers urged to take immediate action as NCSC, CISA issue critical vulnerability warningsNews Cisco customers are urged to upgrade and secure systems immediately
-
Cisco eyes network security gains for agentic AINews New network security updates aim to secure AI agents across enterprises
-
Cisco patches critical flaw affecting Identity Services EngineThe networking giant has urged enterprises to update immediately
-
96% of businesses have low cyber-readiness, claims CiscoThe 2025 Cisco Cybersecurity Readiness Index shows a concerning number of businesses globally are unprepared for rising AI-related threats.
-
Cisco takes aim at AI security at RSAC with ServiceNow partnershipNews The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
-
Cisco claims new smart switches provide next-level perimeter defenseNews Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
Cisco is jailbreaking AI models so you don’t have to worry about itNews Cisco's new AI Defense security solution helps organizations shore up LLM security by identifying potential flaws.
-
Cisco dispels Kraken data breach claims, insists stolen data came from old attackNews Cisco has refuted claims it has suffered a data breach after the Kraken threat group posted stolen data online.
