Team Confiant

 •  1 minute read

8Proof Unmasked: Confiant Investigation Uncovers Connections to Former Download Valley Entity

A new report just released by the Confiant Security Team connects malvertiser 8Proof to iBario Ltd., a company with a documented history of engaging in ad fraud, click fraud and botnet activities.

Marketed as a product of Intango Ltd., 8Proof positions itself as a tool for advertisers to optimize their ad placements for greater efficiency and impact. However, our investigation revealed that 8Proof is actually a malvertising campaign operating through Google Ads. These ads encourage viewers to install malicious browser extensions or programs onto their device, which then hijack search settings and potentially inject unauthorized ads that could generate ad revenue for 8Proof.

Example of landing page requesting malicious extension install on Firefox
Example of landing page requesting malicious extension install on Firefox
Example of landing page requesting malicious extension install on Chrome
Example of landing page requesting malicious extension install on Chrome

By analyzing 8Proof’s infrastructure, the Confiant team uncovered numerous connections between Intango and iBario, a company with a long documented history of malicious activity, including operating the MEVADE/SEFNIT botnet which caused widespread Tor network instability in 2013. The infamous Download Valley company was shut down in 2015, but our investigation suggests that, like many others, it may have reemerged as the rebranded Intango.

Read the full report here: Unmasking 8Proof: Tracing Malvertising to the IBARIO/INTANGO Infrastructure