PageFair Hacked, Distributes Malware With Anti-Blocking Analytics

The perils of ad blocking aren’t limited to lost revenues.

Publishers who tried to do something about it also found themselves exposed to hackers who used their sites to distribute malware to readers over Halloween night from October 31-November 1, according to ad blocking analytics firm PageFair, which admitted the breach in a blog post this week.

PageFair provides analytics that allow publishers who sell inventory through ad networks to detect when readers are using ad blockers, and substitute “non-intrusive” ads for the blocked ads to reclaim some of the lost revenue.

Hackers apparently used PageFair’s own analytics network to distribute Trojan malware during a 83-minute period; the attack was detected within five minutes but took over an hour to stop.

A small proportion of PageFair’s customers (2.3%) were affected, and even within this small number, relatively few visitors would have actually been infected, but PageFair CEO Sean Blanchfield didn’t try to minimize the security breach.



He noted: “If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now… I am very sorry that this occurred and would like to assure you that it is no longer happening… The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems.”

The Javascript Trojan, disguised as an update to Adobe Flash, infected computers using Windows to get them to join a botnet. Some virus scanners on were able to detect the malware and prevent infection, but not all. On a positive note, PageFair said none of its core servers appear to have been breached, so publishers’ accounts should be secure.

Of course, ad blocking itself is still a growing threat to publishers’ business. This week, a Dutch tech site,, said ad blockers were costing it roughly half of its ad revenues in a blog post urging readers to turn off ad blocking programs, according to Bloomberg.

3 comments about "PageFair Hacked, Distributes Malware With Anti-Blocking Analytics".
Check to receive email when comments are posted.
  1. Douglas Ferguson from College of Charleston, November 3, 2015 at 2:47 p.m.

    I would be happy to turn off my ad blocking program, for a price.  Make me an offer.

  2. Eliana Vuijsje from GeoEdge, November 4, 2015 at 2:24 a.m.

    The attack was detected in five minutes, and took over an hour to stop.
    To me, this is the crux of the issue of why third-party ad security and verification tools exist. Full disclosure, I work for GeoEdge -- and we know not only how to detect malware, but can pinpoint exactly the source in addition the data needed to halt the campaign. Maybe, this hack is less of one of the "perils" for publishers using ad blocking software and more of a peril for not having a third-party ad security solution.  

  3. Robert Gibb from MaxCDN, November 18, 2015 at 6:19 p.m.

    Hey Erik. Rob here from MaxCDN, the content delivery network used by PageFair. Thanks for covering this story. It sheds a lot of light on how businesses and the general population often forget about prioritizing account security.

    In case any MaxCDN users come across this post, I wanted to share this article of ours that covers steps for preventing people with malicious intent from accessing your MaxCDN account:

    A lot of these steps can apply to other services as well. This article was written in response to what happened with PageFair.

Next story loading loading..