Team Confiant

 •  1 minute read

If It Bleeds It Leads: Gory Celebrity Images Drive Investment Scams

2024 was a very good year to be a scammer–unless, of course, you caught the attention of the Confiant Security Team.

Our 2024 Malvertising and Quality (MAQ) Index report–just released last week–highlights the notable malvertising methods and threat actors that our Security Team tracked last year. And this latest issue featured a new spin on an old favorite: celebrity scams. Only this time, it wasn’t ads with pretty celeb pictures and fake product endorsements driving fraud—it was heavily photoshopped images of celebrities looking bruised and battered.

Here are two of last year's notable threat actors who used gory celebrity images to drive users into investment scams:

eGobbler

Named for a scam detected on Thanksgiving way back in 2017, eGobbler is an evolving threat actor the Confiant Security Team has been tracking for years. Notorious for large-scale malvertising campaigns exploiting browser vulnerabilities, particularly in Chrome and Safari, eGobbler frequently attacked during weekends and high-traffic periods when ad security staff might be off.

After pivoting to investment scams in 2021 and lying dormant for three years, eGobbler resurfaced in November 2024 with another holiday-adjacent attack. This campaign used heavily edited images of celebrities like Richard Branson to drive unsuspecting users to fake websites mimicking major news publishers like the BBC that lured them into fraudulent investment schemes. The 2024 attack featured many of eGobbler's signature techniques, including cloaking, sensationalist celebrity ad creatives, and fake versions of legitimate news sites.

ScandalNewsNetwork

A newcomer to our MAQ, ScandalNewsNetwork (SNN) runs ads with false rumours and scandals about celebrities, often paired with edited photos that make them appear bruised or beaten up. SNN has refined the art of crafting fake landing pages that look like regular blog sites—complete with actual content about the same celebrity. When triggered, these cloaked versions of established news websites stealthily funnel victims into investment scams. ScandalNewsNetwork's ads target multiple countries—but not the USA—and the domains serve high volumes of impressions.

This is just a taste of what’s included in the 2024 MAQ, the industry's first and leading benchmarking report on the security and quality issues affecting the digital advertising industry. Using a sample of over a trillion ad impressions monitored in real time, the report answers fundamental questions about the state of today's programmatic ad industry.

Download the MAQ today!