What Is Malvertising?
Malvertising, or malicious advertising, is a dangerous cyber threat that exploits online advertisements to distribute malware and other malicious software. It involves the use of seemingly legitimate advertisements on websites, apps, and other online platforms to deceive users and compromise their devices and personal information.
Cybercriminals employ various techniques to inject malicious code into ads, taking advantage of vulnerabilities in ad networks and platforms. Malvertising can appear in different forms, such as pop-up windows, banner ads, or even sponsored content. What makes it particularly concerning is that it can occur on trusted and reputable websites, making it difficult for users to identify and avoid.
How Does Malvertising Work?
Malvertising takes advantage of the trust and reach of legitimate advertising networks to infiltrate websites, apps, and other online platforms.
The process of malvertising starts with fraudsters submitting infected graphic or text ads to reputable ad networks. These ads often contain hidden malicious code, typically written in JavaScript, which can exploit vulnerabilities in the user’s browser or software. The ad networks, unable to distinguish between legitimate and harmful ads, unknowingly distribute the malvertisements to various websites.
Malvertisements can appear in different forms, including pop-up windows, banner ads, video ads, and even sponsored content. They are designed to blend in with regular ads, making it difficult for users to identify them as malicious. These ads may promise enticing offers, such as free software downloads, system updates, or alerts about potential malware infections, to lure users into clicking on them.
Once a user interacts with a malvertisement, they can be redirected to a malicious website or prompted to download a file. This file often contains malware, such as viruses, ransomware, spyware, adware, or Trojans. The malware can exploit vulnerabilities in the user’s device, gain unauthorized access, and cause significant harm.
One method used in malvertising is the “clickbait” approach, where the ad presents an enticing offer or alert to provoke the user into clicking on it. For example, an ad might display a warning message claiming that the user’s computer is infected with malware and encouraging them to click for a solution. By clicking on the ad, the user unknowingly initiates the download of malware onto their device.
Another method employed by malvertisers is the “drive-by download” technique. In this case, the malicious code is embedded within the ad itself. When the user loads a webpage that hosts the malvertisement, the code automatically executes without any user interaction. This can happen even if the user does not click on the ad, making it particularly dangerous. The exploit landing page, which the user is redirected to, takes advantage of vulnerabilities in the user’s browser or software to gain access to their device.
How To Identify Malvertisements
Identifying malvertisements can be challenging, as cybercriminals often employ sophisticated techniques to make them appear legitimate. However, there are some common signs that can help you identify potentially malicious advertisements:
1. Sloppy or unprofessional appearance:
Malvertisements may have poor design quality, pixelation, or inconsistent formatting. They may appear hastily put together, lacking the professionalism typically associated with legitimate ads.
2. Spelling and grammatical errors:
Malicious ads often contain spelling mistakes or grammatical errors. These errors can be a red flag, as reputable advertisers typically proofread their content before publishing it.
3. Unrealistic promises or sensational claims:
Malvertisements often make exaggerated claims or offer unrealistic promises, such as miracle cures, get-rich-quick schemes, or exclusive deals that seem too good to be true. Be cautious of ads that seem overly sensational or make extraordinary claims.
4. Celebrity scandals or clickbait headlines:
Malvertisements may use sensationalized headlines related to celebrity scandals or current events to grab attention. These ads often rely on curiosity or shock value to entice users to click, leading them to potentially malicious websites.
5. Ads with unrelated content:
Pay attention to ads that appear on websites but seem unrelated to the website’s content or your recent search activity. Malvertisements may be disguised as legitimate ads, but their content may not align with the context of the website or your browsing history.
6. Suspicious URLs or redirects:
Hover your mouse over the ad to view the URL it leads to. If the URL looks suspicious or unfamiliar, it could be an indication of a malvertisement. Similarly, if clicking on an ad redirects you to a different website that seems unrelated or suspicious, exercise caution.
7. Pop-ups and unexpected downloads:
Malvertisements often generate pop-up windows or trigger unexpected downloads. If you encounter excessive pop-ups or notice unexpected files downloading without your consent, it could be a sign of a malvertisement.
What Are The Risks Of Malvertising?
Malvertising poses significant risks to individuals and organizations, with potentially severe consequences for computer systems, networks, and data security. Understanding these risks is crucial in taking proactive measures to protect against malvertising attacks. Here are the three most common dangers associated with malvertising:
1. Inoperable Computers and System Networks
Malvertising campaigns can result in the download and execution of various types of malware, including ransomware, adware, bots, and other malicious software. Once malware infiltrates a computer or network, it can cause a complete or partial breakdown of the system. Malware may self-replicate, overload system resources, or exploit vulnerabilities, rendering the computer or network inoperable. This can result in significant disruptions to daily operations, loss of productivity, and increased costs to restore or replace affected systems.
2. Hardware Failure
Malvertisements can introduce harmful files that can attack computer hardware components. This can occur by overburdening processors, consuming excessive random access memory (RAM), or exploiting vulnerabilities in specific hardware devices. Overloading a computer’s resources can lead to overheating, which may cause hardware components, such as the motherboard, to fail. Additionally, malware introduced through malvertisements can target specific hardware, such as cameras or microphones, enabling unauthorized access or surveillance.
3. Data Loss and Data Theft
Malvertising poses a significant risk to data security. Malicious software delivered through malvertisements can be programmed to steal sensitive data or create backdoors for future data theft. This can include personal information, financial data, login credentials, or customer and client data. Data breaches resulting from malvertising attacks can lead to significant financial and reputational damage for individuals and organizations. Stolen data may be exploited for fraudulent activities, sold on the dark web, or used to conduct further cyberattacks.
Furthermore, malvertisements can install spyware, such as keyloggers, which record keystrokes and capture login credentials. This information can be used to gain unauthorized access to various accounts, leading to identity theft, financial fraud, or unauthorized access to confidential information.
What’s The Difference Between Malvertising And Adware?
Malvertising and adware are distinct forms of malware that impact online advertisements, but they differ in their delivery method, intent, impact, and persistence. The main differences between malvertising and adware are as follows:
1. Delivery Method: Malvertising involves injecting malicious code into legitimate ad networks or websites, while adware is installed as a separate software program on the user’s device.
2. Intent: Malvertising aims to deliver malware and exploit vulnerabilities in users’ systems, while adware focuses on displaying ads and collecting user data for targeted advertising.
3. Impact: Malvertising can lead to serious consequences, such as system compromise, data theft, or financial loss, as it delivers harmful malware. Adware, while intrusive, is generally more of a nuisance and does not pose the same level of risk.
4. Persistence: Malvertising is typically a one-time event, where users encounter infected ads while browsing specific websites. Adware, once installed on a device, can continue displaying ads persistently, even when the user is not actively browsing the internet.
How Do Malvertisements Affect Users?
Malvertisements, or malicious advertisements, can have a significant impact on users who come into contact with them. Even without actively clicking on the ads, users can be affected by various consequences. Here’s a detailed look at how malvertisements can impact users:
1. Drive-by Downloads:
Malvertisements often exploit vulnerabilities in users’ browsers or plugins to initiate “drive-by downloads.” This means that simply visiting a webpage hosting a malicious ad can result in the automatic installation of malware or adware on the user’s device. These drive-by downloads can occur silently in the background without the user’s knowledge or consent. Once installed, the malware can compromise the security of the user’s system, leading to data breaches, unauthorized access, or other harmful effects.
2. Forced Browser Redirects:
Malicious ads can also redirect users to malicious websites without their consent or knowledge. Instead of reaching the intended destination suggested by the ad, users may find themselves redirected to websites that pose a threat to their online safety. These websites may host further malware or engage in phishing attacks, attempting to trick users into revealing personal information, such as login credentials or financial details. Users may encounter scams, fraudulent schemes, or additional malware infections as a result of these forced browser redirects.
3. Unauthorized Display of Unwanted Content:
Malvertisements can execute JavaScript code that goes beyond the legitimate content displayed by the ad network. This can lead to the unauthorized display of additional ads, pop-ups, or even malicious content. Users may experience a disruptive browsing experience with intrusive ads that hinder their ability to view or interact with the desired content. In some cases, malvertisements may display inappropriate or harmful content that can be distressing or offensive to users.
When users actively interact with malicious ads by clicking on them, the risks become even more severe:
1. Installation of Malware or Adware: Clicking on a malicious ad can trigger the execution of code that installs malware or adware on the user’s device. This can have serious consequences, as the installed malware may compromise the user’s system, steal sensitive information, or cause financial loss. For example, ransomware can encrypt files and demand a ransom for their release, while spyware can monitor user activity and steal personal information.
2. Redirects to Malicious Websites: Clicking on a malicious ad can redirect users to websites that are designed to exploit their devices or deceive them. These websites may host further malware, phishing attacks, or fake software downloads. Users may unknowingly expose themselves to scams, identity theft, or financial fraud by interacting with these malicious websites.
3. Phishing Attacks: Malicious ads can redirect users to websites that closely mimic legitimate sites, such as banking or e-commerce platforms. These fake websites aim to deceive users into entering their login credentials, financial information, or other sensitive data. Phishing attacks can result in identity theft, unauthorized access to accounts, or financial loss for users who unknowingly provide their personal information to these fraudulent sites.
History Of Malvertising
Malvertising has a history that dates back to the late 2000s. Over the years, it has become a significant threat to users across the internet. Let’s take a detailed look at the history of malvertising:
Late 2007 or early 2008: The first recorded malvertising attack occurred during this period. It targeted popular platforms like MySpace and exploited a vulnerability in Adobe Flash. This attack served as an early indication of the potential dangers posed by malicious advertisements.
2009: The New York Times online magazine fell victim to a malvertising attack that enlisted computers into a larger botnet of malware-infected devices. Readers were presented with ads that falsely claimed their systems were infected, tricking them into installing malicious security software.
2010: Malvertising exploded across the internet, with industry experts identifying billions of display ads carrying malware across approximately 3,500 websites. This marked a significant increase in the scale and impact of malvertising campaigns.
2011: The popular music streaming service Spotify experienced a drive-by download malvertising attack. This attack involved the automatic download and installation of malware onto users’ devices when they visited compromised websites.
2012: The Los Angeles Times was hit by a massive malvertising attack, which infected users through drive-by downloads. This attack was part of a broader campaign targeting large news portals, setting a template for future malvertising attacks.
2013: Yahoo.com, one of the most visited websites globally, became a victim of a major malvertising attack. The attack infected users’ machines with the CryptoWall ransomware, putting a significant number of the website’s monthly visitors at risk.
2014: Malvertising attacks continued to increase, with notable incidents affecting Google DoubleClick and Zedo ad networks. News portals like Times of Israel and The Jerusalem Post also fell victim to malvertising campaigns during this period.
2015: Malvertising attacks diversified their targets, affecting a range of popular websites. Dating sites, adult video streaming sites, Google Adwords, and even trusted platforms like MSN.com were used to display malicious ads and drop malware onto unsuspecting users’ computers.
2017: A threat actor known as Zirconium conducted what was arguably the biggest malvertising campaign of the year. This campaign involved the purchase of an estimated one billion ads, which were designed to forcibly redirect users to websites hosting fraudulent schemes or malware. It was found that this single campaign was present on 62% of ad-monetized websites each week.
2018: Malvertising actors adopted new tactics to exploit users. They began taking over abandoned domains, which are websites that previous owners failed to renew, to display malicious ads that forcibly redirect users to tech support scam sites. Additionally, cybercriminals started abusing cryptocurrency miners, using services like Coinhive to turn users’ computers into cryptomining machines without their knowledge or consent.
The Impact Of Malvertisements On Publishers
Malvertisements, or malicious advertisements, have a profound impact on publishers, affecting their reputation, site traffic, revenue, and even legal liabilities. Let’s delve into the details of these consequences and explore the methods publishers employ to mitigate the impact of malvertisements.
1. Reputational Damage:
When a publisher’s website displays malicious ads, it can damage their reputation. Users who encounter these ads may associate the negative experience with the publisher, leading to a loss of trust. This can result in a decline in user engagement, as visitors may hesitate to return to the affected website, impacting the publisher’s credibility.
2. Decreased Site Traffic:
Malvertisements can significantly reduce site traffic. Users who have encountered malicious ads or experienced malware infections may be wary of revisiting the affected website. This decline in traffic can directly impact ad impressions, user engagement, and overall revenue for the publisher.
3. Revenue Loss:
Malvertising can lead to a loss of ad revenue for publishers. Advertisers may be less willing to place ads on websites associated with malvertisements, fearing negative associations or user backlash. This reduction in ad inventory can result in lower revenue generation for publishers.
4. Legal Implications:
Publishers may face legal liabilities due to the harm caused by malvertisements. If users’ devices are infected with malware or if they suffer financial losses due to scams facilitated by malicious ads, they may hold the publisher accountable. Legal disputes and potential financial repercussions can arise from these situations.
Methods Of Malware Insertion Into Ads
Malvertisements pose a significant threat to publishers, as they can be inserted into ads through various methods. Understanding these methods is crucial for publishers to implement effective safeguards. Here are the different ways malware can be inserted into ads:
1. Malware in Ad Calls:
When a website displays a page with an ad, the ad exchange delivers ads through third-party servers. Attackers can compromise these servers and inject malicious code into the ad payload. This means that even if the publisher’s website is secure, the ad itself can contain malware.
2. Malware-Injected Post-Click:
After users click on an ad, they are often redirected through multiple URLs before reaching the ad landing page. If an attacker compromises any of these URLs, they can inject and execute malicious code. This can happen without the user’s knowledge, making it challenging to detect and prevent.
3. Malware in Ad Creative:
Malware can be embedded directly into the creative elements of an ad, such as text or banner ads. For example, HTML5 allows ads to combine images and JavaScript, which can contain malicious code. Ad networks that use the Flash (.swf) format are particularly vulnerable to this method, as Flash allows for more complex and potentially malicious interactions.
4. Malware Within a Pixel:
Pixels are small snippets of code embedded in ad calls or landing pages to track user data. While legitimate pixels only send data, attackers can intercept the delivery path of a pixel and send a response containing malicious code to the user’s browser. This can lead to malware infections without the user directly interacting with the ad.
5. Malware Within Video:
Video players do not provide inherent protection against malware. For instance, standard video ad formats like VAST can include pixels from third parties that may contain malicious code. Additionally, attackers can insert a malicious URL at the end of a video, which can infect users who click on it.
6. Malware Within Flash Video:
Flash-based videos pose a particular risk as they can inject an inline frame (iframe) into the page. This iframe can download malware onto the user’s device without the need for the user to click on the video. Malicious code can also be injected into pre-roll banners that load while the video file is loading.
7. Malware on a Landing Page:
Even on legitimate landing pages served by reputable websites, clickable elements may execute malicious code. This type of malware is especially dangerous because users click on an ad and land on a genuine landing page, yet are unknowingly infected by a malicious element within the page.
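The post-click redirect chain described in method 2 can be audited before a campaign goes live. The following is an added example, not code from the original article: it checks a recorded click-through chain against the hosts declared for the campaign. The domain names, the sample chains and the `MAX_HOPS` limit are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_HOPS = 5  # assumed policy limit, not a figure from the article


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def is_ip_literal(host):
    """True if the host part of a URL is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_chain(hops, allowed_hosts, declared_landing):
    """Return (hop_index, url, finding) tuples for a recorded click chain."""
    findings = []
    if len(hops) > MAX_HOPS:
        findings.append((len(hops) - 1, hops[-1],
                         "chain longer than %d hops" % MAX_HOPS))
    prev_scheme = None
    for i, url in enumerate(hops):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https"):
            findings.append((i, url, "non-web scheme %r" % parts.scheme))
        if prev_scheme == "https" and parts.scheme == "http":
            findings.append((i, url, "downgrade from https to http"))
        if is_ip_literal(host):
            findings.append((i, url, "raw IP address instead of a hostname"))
        elif not host_allowed(host, allowed_hosts):
            findings.append((i, url, "host %s not declared for this campaign" % host))
        prev_scheme = parts.scheme
    final_host = (urlsplit(hops[-1]).hostname or "").lower()
    if not host_allowed(final_host, [declared_landing]):
        findings.append((len(hops) - 1, hops[-1],
                         "landing host differs from declared landing page"))
    return findings


# Constructed sample data: reserved .example names and a TEST-NET address.
ALLOWED_HOSTS = ["adnetwork.example", "shop.example"]
CLEAN_CHAIN = [
    "https://ads.adnetwork.example/click?id=1",
    "https://track.adnetwork.example/r?c=1",
    "https://shop.example/landing",
]
TAMPERED_CHAIN = [
    "https://ads.adnetwork.example/click?id=1",
    "http://203.0.113.7/r",
    "https://cdn.unknown-host.example/go",
    "https://shop.example/landing",
]

if __name__ == "__main__":
    for name, chain in (("clean", CLEAN_CHAIN), ("tampered", TAMPERED_CHAIN)):
        print(name)
        for finding in audit_chain(chain, ALLOWED_HOSTS, "shop.example"):
            print("  hop %d: %s -> %s" % finding)
```

Because an intermediate hop can be changed after the ad is approved, the same audit is worth re-running on a schedule, not only at submission time.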
Examples Of Malvertising Campaigns
There are several main kinds of malvertising campaigns that cybercriminals use to exploit unsuspecting users. Here are some examples:
1. Get-rich-quick schemes and surveys:
These campaigns involve aggressive advertising networks that disrupt users’ browsing by hijacking their screens with offers that promise quick wealth, work-from-home opportunities, bogus surveys, or freebies. These campaigns often target specific demographics or device users, such as iPhone users.
2. Tech support scams:
Scammers target both Windows and Mac users with tech support scams. They create fake websites that impersonate trusted brands like Apple or Microsoft and use JavaScript to prevent users from closing the page. Frustrated users are then prompted to call a toll-free number for assistance, where scammers try to sell them unnecessary and expensive “tech support” services.
3. Fake software updates:
Cybercriminals often masquerade as legitimate software providers, such as Adobe Flash Player, and prompt users to download fake updates. These campaigns are prevalent on adult or video streaming websites, where users are lured into downloading the supposed update to access desired content. These fake updates can contain adware, malware, or spyware that can harm users’ devices.
4. Scareware:
Scareware campaigns aim to deceive users by displaying false alerts claiming that their computer, whether it’s a Mac or Windows machine, is severely damaged or infected. Users are then urged to download a program to fix the issue. Scareware scams are typically driven by malvertising affiliates who earn commissions by promoting potentially unwanted programs (PUPs).
Kinds Of Platforms That Are Vulnerable To Malvertising
Malvertising campaigns can target various platforms, including:
1. Windows: Windows operating systems have historically been the primary target for malware attacks due to their large user base. Malvertisers often focus on Windows users to maximize their return on investment.
2. Mac: While Windows has been the main focus, Macs are also susceptible to malvertising attacks. Malvertisers can exploit vulnerabilities in browsers or plugins to infect Mac devices.
3. Chromebook: Chromebooks, which run on the Chrome OS, are not immune to malvertising attacks. Malicious ads can still target Chromebook users through their browsers or other vulnerabilities.
4. Android: Mobile devices, particularly Android phones, are increasingly targeted by malvertising campaigns. Malvertisers use tactics like forced redirects and Trojanized apps to deceive and infect Android users.
5. iPhone: Although iPhone devices have generally been considered more secure, they are not completely immune to malvertising attacks. Malvertisers can exploit vulnerabilities in iOS or target specific apps to deliver malicious ads.
6. Business Networks: Businesses have become prime targets for malvertising campaigns due to their distributed networks and the valuable personal and financial data they possess. Malware delivered through malvertising can pose significant risks to businesses, which is why they are increasingly targeted by cybercriminals.
How To Protect Against Malvertising
To protect against malvertising, here are some key steps to follow:
1. Keep your devices and software up to date:
Regularly update your operating system, applications, and web browsers with the latest security patches. Remove any unnecessary software, especially outdated plugins like Flash or Java, as they are often targeted by malvertisers.
2. Practice safe browsing habits:
Be cautious when clicking on ads or suspicious links. Think before you click and avoid interacting with ads that seem too good to be true or display alarming notices. Be skeptical of unexpected pop-ups.
3. Enable click-to-play plugins:
Configure your web browser settings to enable click-to-play plugins for Flash or Java. This feature prevents these plugins from running automatically and requires your explicit permission to run, reducing the risk of malvertising exploits.
4. Use ad blockers:
Consider using ad-blocking software or browser extensions to filter out ads and prevent malvertising from loading. Ad blockers can also provide additional benefits such as faster page loading, reduced tracking, and improved privacy.
5. Regularly scan your system:
Use a reputable cybersecurity program to scan your devices regularly for malware, including malvertising threats. Real-time, always-on cybersecurity solutions offer the best protection against malvertising and other malware.
For publishers and website owners:
1. Vet ad networks: Thoroughly research and vet ad networks before partnering with them. Ensure they have a good reputation and strong security practices in place to prevent malicious ads from being delivered.
2. Scan ad creative: Implement a robust scanning process to check ad creative for malware or unwanted code before displaying it on your website. This helps identify and prevent malicious content from reaching users.
3. Restrict file types: Enforce a policy that limits the file types allowed in ad frames. Avoid using JavaScript or Flash, and restrict ads to safer formats like JPG or PNG. This reduces the risk of malicious content being delivered through ads.
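A file-type policy only holds if it is enforced on the bytes of the creative rather than on its file name. The following is an added example, not code from the original article: it identifies an uploaded creative by its leading bytes, rejects anything that is not PNG or JPEG, and for PNG also verifies chunk checksums and rejects data appended after the end of the image. The file names and sample bytes are constructed, and the JPEG check is deliberately coarse.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ALLOWED = {"png": (".png",), "jpeg": (".jpg", ".jpeg")}  # the "safer formats"


def sniff(data):
    """Identify a creative by its leading bytes, ignoring the file name."""
    if data.startswith(PNG_SIG):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:3] in (b"FWS", b"CWS", b"ZWS"):  # SWF signatures
        return "flash"
    if data.lstrip()[:1] == b"<":
        return "markup"  # HTML, SVG or XML, all of which can carry script
    return "unknown"


def png_problems(data):
    """Walk the PNG chunk list: verify CRCs and reject bytes after IEND."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return ["truncated chunk"]
        stored_crc = struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(data[pos + 4:end - 4]) != stored_crc:
            return ["bad CRC in chunk %s" % ctype.decode("latin-1")]
        pos = end
        if ctype == b"IEND":
            extra = len(data) - pos
            return ["%d bytes after IEND" % extra] if extra else []
    return ["no IEND chunk"]


def vet_creative(filename, data):
    """Return (accepted, reasons) for one uploaded ad creative."""
    kind = sniff(data)
    if kind not in ALLOWED:
        return False, ["content is %s, not an allowed image type" % kind]
    reasons = []
    if not filename.lower().endswith(ALLOWED[kind]):
        reasons.append("extension does not match %s content" % kind)
    if kind == "png":
        reasons += png_problems(data)
    elif not data.endswith(b"\xff\xd9"):
        reasons.append("JPEG does not end at an EOI marker")  # coarse check
    return not reasons, reasons


def _chunk(ctype, body):
    """Build one PNG chunk (length, type, body, CRC) for the sample image."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed sample inputs (not real ad creatives): a minimal 1x1 PNG,
# the same PNG with extra bytes appended, markup and a Flash header.
CLEAN_PNG = (PNG_SIG
             + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + _chunk(b"IEND", b""))
SAMPLES = {
    "banner.png": CLEAN_PNG,
    "padded.png": CLEAN_PNG + b"CONSTRUCTED-TRAILING-BYTES",
    "offer.png": b"<html><body>constructed markup</body></html>",
    "video.jpg": b"CWS" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, vet_creative(name, blob))
```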