A threat actor named ScamClub is abusing ad platforms to place malicious ads on reputable websites that redirect users to phishing pages, gift card scams, and giveaway scams.
The group has been active since 2019, has employed multiple browser zero-days, and is believed to have made an estimated $8.5 million in the first half of the year alone.
Security firm Confiant has linked the group's operations to a Hong Kong company named WayTop International Advertising Limited.
https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537