14 DAY TRIAL // Malvertisers are abusing the Wajam browser add-on to deliver malicious ads that hijack the user's browsing experience and take him over to a page hosting the dangerous Angler exploit kit.
Wajam is a social share engine that works via a browser add-on that injects social recommendations inside your search results, on desktop or mobile devices.
Malverts were delivered via Wajam's adware
While the company launched off as a promising startup, things derailed in later years, and the Wajam browser add-on was caught injecting ads in Google search results, hijacking the browser's homepage, and even injecting adds in any site you navigated to.
This latter feature is exactly what the malvertisers are now exploiting. The banner injection system works by pushing the entire page down, enough to make room for a banner at the top of the browser window, which to Wajam's credit is marked with an "Ads by Wajam" watermark.
These unwanted banners are created by the browser add-on pulling in code from various ad networks and injecting it into the user's browser.
Malicious ads are part of a bigger malvertising campaign
According to Malwarebytes, a malvertiser managed to compromise the Adk2x (Plymedia) ad network and host his malicious code inside an ad listing, which eventually made its way to Wajam users.
Taking into account that if you try to install the Wajam browser add-on from Wajam's homepage you get a 404 error on the download page, we now begin to get a picture of why malvertising has started making its way into the plugin, which is starting to look like an abandoned project.
As for the malverts, Malwarebytes reports that they're part of a recent wave of malvertising attacks that have also hit news and gossip site TMZ, and movie reviews portal Rotten Tomatoes.
