Tracking Software Weaponized by Criminals
Inside four months of joint research with Infoblox Threat Intel on the abuse of Keitaro Software.
Mar 24 • Confiant
Analyzing a Live AiTM Attack Targeting Google Accounts via Malvertising
We captured a malvertising campaign delivering an Adversary-in-the-Middle (AiTM) kit. Here, we unpack a paradox: an advanced payload undermined by…
Published on Roshan • Mar 24
Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security have continued to mature, many malvertisers have moved on from forced redirect campaigns that…
Mar 2 • Confiant and Eliya Stein
February 2026
Disrupting 59M Malicious Impressions: Inside D-Shortiez Testing Infrastructure and Campaign Management
Two clusters, one password, and the automated harvesting that blocked campaigns before deployment
Feb 24 • Confiant and Michael Steele
The Curious Case Of MutantBedrog's Trusted-Types CSP Bypass
MutantBedrog is a malvertiser that caught our attention early summer ’24 for their highly disruptive forced redirect campaigns and the unique JavaScript…
Feb 3 • Confiant and Eliya Stein
How One "Crypto Drainer" Template Facilitates Tens Of Millions Of Dollars In Theft
Crypto Drainers are phishing pages that lure victims into signing malicious transactions that allow the attacker to siphon their crypto and NFTs.
Feb 3 • Confiant and Eliya Stein
A Whirlwind Tour Of Crypto Phishing
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption.
Feb 3 • Confiant and Eliya Stein
How File Hashes Fail As A Malware Detection Heuristic
In this blog post we take a trip downstream from malvertising delivery mechanisms and take a close-up look at a fake Flash update landing page that was…
Feb 3 • Confiant and Eliya Stein
Profiling hackers using the Malvertising Attack Matrix by Confiant
A relatively new threat vector, Malvertising is a cyber-attack relying on ad networks and digital ads exposing virtually any internet user surfing the…
Feb 3 • Confiant
Looking At Chrome Extensions That Hijack Search - Spread Via Malvertising
In this blog post we discuss an ongoing malvertising campaign that pushes search hijacking browser extensions.
Feb 3 • Confiant and Eliya Stein
The Trend Of Client-Side Fingerprinting In Cloaked Landing Pages
This blog post will examine the client-side aspect of cloaking in non auto-redirect based malvertising chains.
Feb 3 • Confiant and Eliya Stein
Malvertising, Site Compromise, And A Status Report On Drive-by Downloads
This blog post will explore the details behind a recent spree of website hacks and the malicious payloads that were embedded and served to unwitting…
Feb 3 • Confiant and Eliya Stein