How does CIS mitigate this threat? (assuming the parent browser process is not sandboxed)
Once the victim gets redirected to the final URL, the website automatically starts the download of a unique piece of malware for every user. The file is a bundle of legitimate software, like a media player, and compiles malware and a unique-to-every-user configuration into the downloaded file. The attackers are purely relying on social engineering techniques in order to get the user to install the software package. No drive-by exploits are being used thus far. The impressive thing is that we are seeing this technique not only work for Windows, but for Mac operating systems alike.
I would assume the end result is an unknown downloaded file, so if the user uses HIPS then he'll get notifications for it, or if the user uses the auto-sandbox then the file will be sandboxed on launch. That's unless the malware is detected by the AV.
Or am I missing something?
Edit: You also have PrivDog, which is installed alongside CIS unless you change it, and which by default replaces ads with sanitized ads, effectively stopping malvertising.