Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

DeceptionAds ClickFix social-engineering campaign

Campaign
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

The DeceptionAds operation used Vane Viper's malicious ad network to deliver ClickFix-style social engineering, expanding deceptive user reach through malvertising infrastructure. The campaign matters because it turns an adtech distribution layer into a pathway for steering users into risky actions and malicious follow-on traffic. It was surfaced in late last year and linked to a broader ecosystem of malicious ads and brokered traffic.

Related Happenings

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...

Open Happening

Broad Keitaro TDS abuse across more than 120 campaigns

Target Trend
First: 27.04.2026 09:33 Last: 27.04.2026 09:33 Sources 1

About this happening: **Keitaro TDS** was abused by **more than 120 distinct campaigns** between **October 2025 and January 2026**, showing a broad recurring pattern of malicious link delivery and spam...

Open Happening

PurpleBravo Contagious Interview campaign

Campaign
First: 21.01.2026 19:17 Last: 21.01.2026 19:17 Sources 1

About this happening: The **North Korea-linked Contagious Interview** campaign is refining its malware stack, with **Cisco Talos** reporting that **BeaverTail** and **OtterCookie** are being merged mor...

Latest development: 22.04.2026 17:48

North Korean actor Void Dokkaebi, aka Famous Chollima, pushed the Contagious Interview fake-job campaign into a self-propagating software supply chain operation by abusing compromised developer repositories, malicious Visual Studio (VS) Code tasks, and injected code that can run during normal development activity to spread malware and steal cryptocurrency wallet credentials, signing keys, and access to CI/CD pipelines and production infrastructure. Trend Micro said the campaign also stages payloads on Tron, Aptos, and Binance Smart Chain, and in March it found more than 750 infected code repositories, more than 500 malicious VS Code task configurations, and 101 instances of the commit-tampering tool.

Open Happening

WordPress malicious JavaScript redirect campaign

Campaign
First: 08.10.2025 19:43 Last: 08.10.2025 19:43 Sources 1

About this happening: The **WordPress** compromise campaign is turning site visits into a malware delivery path, redirecting users to **ClickFix-style pages** and fake **Cloudflare verification** scree...

Open Happening

Vane Viper / Omnatuor malicious adtech ecosystem powering malvertising and ad fraud

Threat Actor Meta
First: 25.09.2025 20:22 Last: 25.09.2025 20:22 Sources 1

How related: Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade,

About this happening: Researchers **outed Vane Viper / Omnatuor** as a **malicious adtech** ecosystem that has powered **malvertising**, **ad fraud**, and **traffic brokering** for **at least a decade*...

Open Happening

Timeline

  1. 25.09.2025 20:22 2 articles · 8mo ago

    DeceptionAds campaign disclosure

    Initial Disclosure

    DeceptionAds leveraged Vane Viper's malicious ad network to facilitate ClickFix-style social-engineering campaigns, with the activity attributed to Monetag and described by Infoblox as part of a broader adtech-linked infrastructure under PropellerAds and AdTech Holding.

    Show sources
    Open in new tab