Email Malvertising Campaign Detected

NJ State employees are being targeted in an email malvertising (malicious advertising) campaign that attempts to use exploit kits to deliver various malware variants. These emails are purportedly a weekly newsletter and contain links that lead to websites injected with malvertisements (malicious advertisements). The malvertisements use exploit kits, such as Fallout and RIG, to deliver malware, including AZORult and Gootkit, with the ability to steal credentials and collect browsing history, saved passwords, and autofill data, among other capabilities. The NJCCIC recommends users avoid clicking on advertisements within websites, run an ad blocker, and keep all hardware, software, and anti-virus/anti-malware updated.