We have been witnessing a series of malvertising attacks that keep a low profile with decoy websites and strong IP address filtering. We are calling it the ‘Binary Options’ campaign because the threat actor is using the front of a trading company to hide the real nature of his business.
There have been similar uses of fake façades as a gateway to exploit kits. For instance, Magnitude EK is known to use gates that have to do with Bitcoin, investment websites and such, as detailed in this Proofpoint blog entry.
In this particular case, the threat actor stole the web template from “Capital World Option“, a company that provides a platform for trading binary options. Participants must predict whether the price of an asset will rise or fall within a given time frame, which defines whether or not they will make money. Binary options have earned a bad reputation though and some countries have even banned them.
Full Article