RBC 🇨🇦 Express AiTM Phishing Campaign
How AiTM malvertising bypasses MFA to drain Canadian business banking accounts, leaving victims in a months-long race to recover their stolen assets and…
Published on Roshan • 8 hrs ago
March 2026
Tracking Software Weaponized by Criminals
Inside four months of joint research with Infoblox Threat Intel on the abuse of Keitaro Software.
Mar 24 • Confiant
Analyzing a Live AiTM Attack Targeting Google Accounts via Malvertising
We captured a malvertising campaign delivering an Adversary-in-the-Middle (AiTM) kit. Here, we unpack a paradox: an advanced payload undermined by…
Published on Roshan • Mar 24
February 2026
Disrupting 59M Malicious Impressions: Inside D-Shortiez Testing Infrastructure and Campaign Management
Two clusters, one password, and the automated harvesting that blocked campaigns before deployment
Feb 24 • Confiant and Michael Steele
The Curious Case Of MutantBedrog's Trusted-Types CSP Bypass
MutantBedrog is a malvertiser that caught our attention early summer ’24 for their highly disruptive forced redirect campaigns and the unique JavaScript…
Feb 3 • Confiant and Eliya Stein
November 2025
Phantom Stores: Retail Impersonation Spreads Ahead of Black Friday Powered by Video Ads and Modular 'Holiday Skins' Kit
In the frenzied weeks leading up to Black Friday and Cyber Monday, Ad Tech’s busiest season, a new cluster of phantom storefronts has surged into view.
Nov 24, 2025 • Confiant and Roshan
October 2023
ScamClub's Deceptive Landing Pages
Recently, I was involved in publishing Confiant’s ScamClub: Threat Report Q1-Q2 2023. During our investigation into this malvertising threat, we found…
Oct 26, 2023 • Confiant and Michael Steele
September 2023
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
ScamClub is a prolific threat actor in the programmatic ad space known to carry out large-scale attacks with the purpose of scamming and defrauding…
Sep 27, 2023 • Confiant
May 2023
BadTrip: A chain of fake travel sites abuses search ads to commit fraud and credential theft
Brand impersonation and "cloaked" call-centers scale the scam up to more than 50,000 people. Scammers raking in upwards of $800 per victim.
May 17, 2023 • Confiant
February 2023
Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security have continued to mature, many malvertisers have moved on from forced redirect campaigns that…
Feb 8, 2023 • Confiant and Eliya Stein
January 2023
Malvertiser Makes the Big Bucks on Black Friday
Confiant’s broad coverage in ad tech gives us visibility on some of the darkest corners of the ecosystem.
Jan 20, 2023 • Confiant and Jerome Dangu
December 2022
L’art de l’évasion: How Shlayer hides its configuration inside Apple proprietary DMG files
Originally written by Taha Karim
Dec 23, 2022 • Confiant