Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security have continued to mature, many malvertisers have moved on from forced redirect campaigns that…
Mar 2 • Confiant and Eliya Stein
February 2026
Disrupting 59M Malicious Impressions: Inside D-Shortiez Testing Infrastructure and Campaign Management
Two clusters, one password, and the automated harvesting that blocked campaigns before deployment
Feb 24 • Confiant and Michael Steele
Phantom Stores: Retail Impersonation Spreads Ahead of Black Friday Powered by Video Ads and Modular 'Holiday Skins' Kit
In the frenzied weeks leading up to Black Friday and Cyber Monday, Ad Tech’s busiest season, a new cluster of phantom storefronts has surged into view.
Feb 3 • Confiant and Roshan
The Curious Case Of MutantBedrog's Trusted-Types CSP Bypass
MutantBedrog is a malvertiser that caught our attention early summer ’24 for their highly disruptive forced redirect campaigns and the unique JavaScript…
Feb 3 • Confiant and Eliya Stein
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
ScamClub is a prolific threat actor in the programmatic ad space known to carry out large-scale attacks with the purpose of scamming and defrauding…
Feb 3 • Confiant
How One "Crypto Drainer" Template Facilitates Tens Of Millions Of Dollars In Theft
Crypto Drainers are phishing pages that lure victims into signing malicious transactions that allow the attacker to siphon their crypto and NFTs.
Feb 3 • Confiant and Eliya Stein
How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase
During the course of our work at Confiant, we see malicious activity on a daily basis.
Feb 3 • Confiant
A Whirlwind Tour Of Crypto Phishing
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption.
Feb 3 • Confiant and Eliya Stein
How File Hashes Fail As A Malware Detection Heuristic
In this blog post we take a trip downstream from malvertising delivery mechanisms and take a close up look at a fake Flash update landing page that was…
Feb 3 • Confiant and Eliya Stein
Profiling hackers using the Malvertising Attack Matrix by Confiant
A relatively new threat vector, Malvertising is a cyber-attack relying on ad networks and digital ads exposing virtually any internet user surfing the…
Feb 3 • Confiant
Looking At Chrome Extensions That Hijack Search - Spread Via Malvertising
In this blog post we discuss an ongoing malvertising campaign that pushes search hijacking browser extensions.
Feb 3 • Confiant and Eliya Stein
The Trend Of Client-Side Fingerprinting In Cloaked Landing Pages
This blog post will examine the client-side aspect of cloaking in non auto-redirect based malvertising chains.
Feb 3 • Confiant and Eliya Stein