![\"the](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file81335_264368_e.png\")
This is how the actual blog looks<\/em><\/p>\nThe original blog however is hidden by an overlay showing blurred explicit content and a button asking the visitor to confirm they are 18+ and asking if they want to enter the website. We have seen a few different overlays on the same website, so there could some fingerprinting involved. Below are a few examples:<\/p>\n
![\"example](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file20308_264368_e.png\")
<\/p>\n
![\"overlay](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file70269_264368_e.png\")
<\/p>\n
Whichever one the visitor sees, clicking the button does nothing other than registering a click on an advertisement. However, that does help the cybercriminals set up this clickjacking scheme. <\/p>\n
![\"advertisement](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file91921_264368_e.png\")
<\/p>\n
Above is an example of an advertisement shown to a Dutch IP and, below, a screenshot of the Google ad that was presented to a Canadian IP address.<\/p>\n
![\"full](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file1942_264368_e.png\")
<\/p>\n
This is the link behind the version you can see here:<\/p>\n
The code behind these attacks is obfuscated.<\/p>\n In this case there is no imminent danger for the website visitor. It is just wasted money for the advertiser. So, if you run into one of these, don’t make them any richer by clicking that 18+ button.<\/p>\n If you are spending money on advertising it is worth looking at what you get for the money your are spending. According to research carried out by BusinessOfApps<\/a> the total cost of ad fraud in 2022 was around $81 billion, and is predicted to increase to $100 billion by 2023.<\/p>\n If the spending and return on investment are non-transparent, advertisers can also look at solutions that can significantly reduce their advertising costs. You can try some<\/a> for free for up to 5,000 paid clicks per month on the Google Ads platform.<\/p>\n Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.<\/p>\n TRY NOW<\/a><\/p>\n https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"![\"overlay](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file53443_264368_e.gif\")
Dragging the button allows the visitor to see where the click will take them<\/em><\/p>\n![\"obfuscated](\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/easset_upload_file83086_264368_e.png\")
<\/p>\n
\n