A network of over 130k domains was part of a campaign to deliver shareware, PUPs and other scams. We unravel the threads of this campaign from entry point to payload.

Unit42 is a cybersecurity research team known for its  analysis of cyber threats, malware, and cyber attack trends. Through research reports, threat intelligence briefings, and data analysis, Unit42 offers insights into emerging cyber threats and adversary tactics. Readers can learn about threat detection methodologies, vulnerability trends, and cyber attack attribution to enhance their cybersecurity posture and protect their organizations from advanced cyber threats.

Unit 42

Unit 42 researchers discovered a large-scale campaign called ApateWeb that delivers scareware, potentially unwanted programs, and other scam pages. The campaign uses deceptive emails and JavaScript embedded on websites to distribute its malicious content. ApateWeb employs evasion tactics to elude detection, including redirecting to search engines, displaying error pages to bots, and using wildcard DNS. The campaign has remained active since 2022 and has a significant impact on internet users.

ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign