New Botnet Xindi Steals Millions through fake Ad Impressions

Xindi is a new botnet that has been stealing from enterprises and universities using advertising exchange networks.

The new botnet is revealed by the research group Pixalate. Venture Beat reported that the new botnet uses social engineering strategies to implant malwares into computers used by big businesses and schools. The computers are then turned into botnets, which will then trick their hosts and make them report thousands of fake impression on their ads. So far, the malware has made 78 billion fake impressions. The real users will not even know that it is happening to their computers.

Media Post reported that Xindi attacked computers from giant companies in 2014. Some of these companies are General Motors, Citigroup, Wells Fargo, Columbia University, and Marriott International. Pixalate CEO Jalal Nasir said they noticed traffic from the IP addresses from Fortune 500 companies and universities that were associated to Xindi.  

Pixalate said, "[Xindi] is the first botnet that exclusively focuses on generating fake 'viewable' impressions at scale."

According to a report from Exchange Wire, Xindi was developed to attack a vulnerability called Amnesia in the Open RTB v2.3 online advertising protocol. It is not like traditional fraud attacks that uses clickjacking. Instead, it generates massive numbers of fake ad impressions and has already penetrated companies such as Wells Fargo, General Motors, Citigroup, and others. 

This makes advertisers look like they are promoting their ads on very influential prospects at major Fortune 500 companies. The impressions on affected ads went up 300 percent.

Pixalate reported that it has penetrated 8 million machines from over 5,000 business, which are now at risk of being turned into botnets in Xindi.

Other prominent advertisers also affected by Xindi are Home Depot, McDonald's, Uber, Honda, Pandora, Nissan, Monster, and Verizon. According to the Association of National Advertisers and White Ops advertisers lose up to $10 billion a year from online advertising frauds. Besides Xindi, some of the most popular botnets are ZeroAccess and Chameleon, which uses clickjacking and adinfection strategies.