What is Malvertising?
Malvertising (a combination of the two words “malicious and advertising”) is a type of cyber tactic that attempts to spread malware through online advertisements. This malicious attack typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and websites. The code then redirects users to malicious websites, allowing hackers to target the users. In the past, reputable websites such as The New York Times Online, The London Stock Exchange, Spotify, and The Atlantic, have been victims of malvertising. Due to the advertising content being implanted into high-profile and reputable websites, malvertising provides cybercriminals a way to push their attacks to web users who might not otherwise see the ads because of firewalls or malware protection.
Online advertising can be a pivotal source of income for websites and internet properties. With such high demand, online networks have become extensive in to reach large online audiences. The online advertising network involves publisher sites, ad exchanges, ad servers, retargeting networks, and content delivery networks. Malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.
How Does Malvertising Get Online?
There are several approaches a cybercriminal might use, but the result is to get the user to download malware or direct the user to a malicious server. The most common strategy is to submit malicious ads to third-party online ad vendors. If the vendor approves the ad, the seemingly innocent ad will get served through any number of sites the vendor is working with. Online vendors are aware of malvertising and actively working to prevent it. That is why it’s important to only work with trustworthy, reliable vendors for any online ad services.
What is the Difference Between Malvertising and Adware?
As expected, Malvertising can sometimes be confused with adware. Where Malvertising is malicious code intentionally placed in ads, adware is a program that runs on a user’s computer. Adware is usually installed hidden inside a package that also contains legitimate software or lands on the machine without the knowledge of the user. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.
Some major differences between malvertising and adware include:
- Malvertising is a form of malicious code deployed on a publisher’s web page, whereas adware is only used to target individual users.
- Malvertising only affects users viewing an infected webpage, while Adware operates continuously on a user’s computer.
What Are Some Examples of Malvertising?
The problem with malvertising is that it is so difficult to spot. Frequently circulated by the ad networks we trust, companies like Spotify and Forbes have both suffered as a result of malvertising campaigns that infected their users and visitors with malware. Some more recent examples of malvertising are RoughTed and KS Clean. A malvertising campaign first reported in 2017, RoughTed was particularly significant because it was able to bypass ad-blockers. It was also able to evade many anti-virus protection programs by dynamically creating new URLs. This made it harder to track and deny access to the malicious domains it was using to spread itself.
Disguised as malicious adware contained or hidden within a real mobile app, KS Clean targeted victims through malvertising ads that would download malware the moment a user clicked on an ad. The malware would silently download in the background. The only indication that anything was off was an alert appearing on the user’s mobile device saying they had a security issue, prompting the user to upgrade the app to solve the problem. When the user clicks on ‘OK’, the installation finishes, and the malware is given administrative privileges. These administrative privileges permitted the malware to drive unlimited pop-up ads on the user’s phone, making them almost impossible to disable or uninstall.
How Can Users Prevent Malvertising?
While organizations should always take a strong position against any instances of unwarranted attacks, malvertising should high on the priority list for advertising channels. Having a network traffic analysis in the firewall can help to identify suspicious activity before malware has a chance to infect the user.
Some other tips for preventing malvertising attacks include the following:
- Employee training is the best way to form a proactive company culture that is aware of cyber threats and the latest best practices for preventing them.
- Keep all systems and software updated to include the latest patches and safest version.
- Only work with trustworthy, reliable online advertising vendors.
- Use online ad-blockers to help prevent malicious pop-up ads from opening a malware download.