Malvertising campaign used a free certificate from Let’s Encrypt
Cybercriminals are taking advantage of an organization that issues free digital certificates, sparking a disagreement over how to deal with such abuse.
On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers.
The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend.
If a user went to the site, the subdomain would show a malicious advertisement that would redirect the user to sites hosting the Angler exploit kit, which looks for software vulnerabilities in order to install malware.