AdSecure's powerful API Callback feature enables users to boost ad quality by promptly detecting and halting violations on the spot.
Continue readingHow cybercriminal activity compares in the US vs China in Q2 2023
To give you key information to protect your brand against cybercriminals, we analyzed cybercriminal activity in the US vs China in Q2 2023.
Continue readingMalvertising Trends in April to June 2023 and Cybercriminal Activity: AdSecure Violation Report
On this edition of AdSecure Violations Report we have a look at Malvertising Trends and Cybercriminal Activity in Q2 2023.
Continue readingLatest Ransomware attacks in ad tech: How to stop Ransomware attacks with AdSecure
Learn what is Ransomware, find our about the latest Ransomware attacks in ad tech, and how to stop Ransomware attacks with AdSecure!
Continue readingWhy is online brand safety important for online advertising?
Learn why is brand safety important and top tips for publishers to protect their brand safety at all times!
Continue readingHow malvertising trends compare in the US vs South Asia in Q1 2023
Discover the top Malvertising Trends for Q1 2023 in the US and South Asia and AdSecure's ad security predictions for 2023!
Continue readingMeet with AdSecure at TES Affiliate Conferences
Meet with Customer Success Manager Guandi Bai and Business Development Manager Jordan Franken at TES Affiliate Conferences.
Continue readingWhat is Malvertising? And how to stop it
Malvertising is distributed throughout the digital advertising ecosystem, here we explain what is Malvertising? And how to stop it.
Continue readingThreat Intelligence: AdSecure’s URL security checker
The AdSecure Threat Intelligence service acts as the first line of defense against cybersecurity risks in Ad campaigns.
Continue readingHow does the EU compare to the US for ad security in 2022?
Discover what cyber criminals did in the EU and the US during Q1 & Q2 2022, and get useful insights into ad security to protect the end user.
Continue readingDetection of Malicious Ad Campaings: AdSecure releases Q1 & Q2 Violations Report 2022
For AdSecure's Violations Report, we analyzed over 100 million ad campaigns looking for insights into cyber criminal behavior in Q1 & Q2.
Continue readingURL Phishing attack: Google WebRisk user security threat
A phishing attack is a user security violation detected by AdSecure which targets a user to trick them into revealing personal information.
Continue readingAd Security Predictions 2022
Here are our ad security predictions for 2022 where we look at 4 big events from 2021, which will provide further opportunities for cyber criminals using the online advertising ecosystem to reach unsuspecting internet users with new, inventive ways of exploitation.
Continue readingMalvertisers are boosting their Malware and Phishing scams
In Q4 of this year cybercriminals were making the news headlines. Angling Direct's domain, website and social media accounts were compromised by hackers, redirecting users to an adult website; Electronics retailer MediaMarkt got hit by ransomware that demanded $240 million dollars after stopping its online shopping service in Belgium and the Netherlands. In Q3 AdSecure also saw some big spikes in user security violations as bad actors launched their Summer attacks. Malware detections increased by 1285.19% with the majority concentrated in July and August. Phishing detections also increased by 413.97%. Adware, Browser Locker and Scareware also increased 15.74%, 8.65% and 4.82% respectively, and now, in Q4 detections for these user security violations are still high. To demonstrate some tactics used by Cybercriminals, here are two examples of Malware and Phishing campaigns, both recently detected and stopped by AdSecure:
#1 Malware attack in Turkey
Cybercriminals used Discord's Content Delivery Network to host malicious payloads. Discord is a popular VoIP, instant messaging and digital distribution platform used by approximately 140 million people.
Users can organize Discord servers into topic-based channels in which they can share text or voice files. They can attach any type of file within the text-based channels, including images, document files, and executables. These files are stored on Discord's Content Delivery Network (CDN) servers.
However, many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN by bad actors who create channels with the sole purpose of delivering these malicious files.
Malvertisers use infected campaigns to target online gamers, luring them into downloading fake versions of popular online games that actually contain malware. The image below is the landing page of one of these malware campaigns detected by AdSecure on 3 November 2021. As you can see the text is in English, only the month November (Karim) is in Turkish. Additionally note that egyptian gamers is spelt incorrectly.
This campaign triggered an apk file that downloaded automatically to the user's desktop or mobile device. When we checked the auto-downloaded file we discovered that the file was detected as Trojan/Malware by 15 security vendors.
The files are often renamed as Gaming software or Google PlayStore games to trick end users, and the file stored on Discord's CDN used the link in the following format: https://cdn.discordapp[.]com/attachments/{ChannelID}/{AttachmentID}/{filename}
How did AdSecure detect the malware?
AdSecure’s Ad Discovery tool works by first detecting and then analysing all ads it encounters on web or mobile site pages, engaging with the ads as a user would, performing analysis both on the main site page, and by clicking on each ad — be it a banner, native, popup, popunder, etc — to detect any malicious activity a user might encounter in the redirection paths of this campaign and on any landing page the end users could be sent to. Once the violation was detected, AdSecure notified the client in real-time so the client's compliance teams could identify the campaign and ban the fraudulent advertiser from their ad network to prevent the bad actor from infecting more end users.
#2 Phishing scams using fake Lucky Draws
Phishing is often considered as the easiest way for financial gain for Cybercriminals. One method is through fake Lucky Draws from well known social media platforms. To show an example, AdSecure detected the following scam on an entertainment website in the United Arab Emirates in September. The ad showed up as a popunder.
The scammers used the Whatsapp logo and fake likes and comments on this landing page to fool end users into believing the lucky draw was legitimate. However, once the user spun the wheel to win a prize, they were asked to give away their personal information and credit card details to receive a prize. The victims only realized that they had been scammed after being informed by their banks about unauthorised transactions. The scammers also changed the URL 2 days later, to promote an adult dating offer. The landing page showed pornographic images which is illegal in United Arab Emirates.
How did AdSecure detect the phishing scam?
The client used AdSecure's API integration giving them a full malvertising and ad quality control system including the detection of adult content. Once the violation was detected, AdSecure's API integration allowed the client to reject, suspend or further monitor the ads, redirection paths and landing pages in real-time, giving the client full control over their ad supply chain. The ability to be able to use AdSecure’s Ad Classification tool enabled the client to detect that the malicious URL was displaying adult content, so it could be quickly removed from their ad supply chain, without which, it could have caused the website severe legal problems in their country as well as potentially for end users that viewed the pornographic landing page.
Conclusion
Cybercriminals use more sophisticated methods to lure unsuspecting end users into parting with personal and financial information via malware and phishing and other user security violations. With the ever increasing time that internet users spend online on a range of different devices, it is more important than ever to defend and protect end users against malvertisers. Publishers and ad networks have a duty to serve clean advertising and keep their end users safe. That is why it is essential that publishers and ad networks have a 360 degree ad security and ad quality solution like AdSecure as their first line of defense against cybercriminals.
How do you deliver high ad quality?
How to build the right strategy against threats, poor user experience issues and get insights into ad performance to ensure you show high quality ads.
Continue readingCrisis Opportunity: How malvertisers are taking advantage of the COVID-19 pandemic
AdSecure exposes how malvertisers exploit users during the COVID-19 pandemic.
Continue readingAdSecure releases first security violations report for Q1 2019
AdSecure, the innovative digital security company that works with ad platforms and publishers to ensure a secure engaging online advertising experience for users, has released their security violations report for Q1 2019. AdSecure’s always online solution uses a crawler built around modern browser technology, analysing ad creatives to detect malicious threats, non-compliance and ad quality issues in real-time.
For this report AdSecure analysed more than 200,000 ad campaigns across multiple regions, devices, and browsers for our partners between 1st January to 31st March. These findings provide insights into cyber-criminal behaviour during Q1: Where they were most prolific, how they delivered their attacks, their malicious weapons of choice, and what AdSecure’s detections revealed in order to stop and protect end users from malicious ads.
Top 10 GEOs with security violations

The percentages represent the 100% total of these top 10 GEOs. They are generally considered to be part of the tier 1 countries group, with the sometimes exception of Argentina. AdSecure’s product manager Mat Derval commented, “Affluent populations are prime targets for cyber criminals. These richer populations are more likely to buy fake security or fake repair software when being redirected to tech support scams as well as being targeted by malware distribution attacks such as the Emotet banking trojan.”
Top 5 GEOs violation breakdown
Drilling down further into the data, AdSecure performed a detailed analysis of the top 5 in order to rank the percentage of detected violations targeted at each country. We can see that Browser locker was by far the biggest violation from a volume perspective, with the only exception being Canada, where it came second to Malware attacks at 50%. Around a quarter of violations were Malware attacks in the USA & Belgium and Scareware being the second most detected violation in France, Argentina, and the USA.

Browser lockers - the biggest current threat
With the prevalence of Browser locker detections in 8 out of the top 10 GEOs, AdSecure looked globally at which browsers cyber criminals used to target their Browser locker activity on desktop and mobile.

With 70% of detections coming from Google Chrome, Mat Derval commented, “To a cybercriminal it is all about volume and Google Chrome is indisputably the most popular browser. The criminal doesn’t know how long he can get away with the attacks, therefore the life cycle of the attack could be short, so by targeting the world’s biggest browser he can maximise the revenue of the malicious campaign by exposing it to as many end users as possible.”
In conclusion Mat Derval explained, “The biggest threat in Q1 2019 was clearly Browser lockers, including Push lockers, a new variation on this threat, distributed by bad actors who exploit a flaw in the push notifications opt-in process. AdSecure was able to detect a massive amount of those attacks because our crawler is powered by modern browser technology, which is crucial in order to catch the latest versions or mutations of threats. We detected this new trend at the end of Q4 2018, and we were able to release a major update to our crawler at the beginning of Q1 2019 to protect our clients and partners.”
The key takeaways: using data to fight cyber-crime effectively
- Follow the money, threat actors certainly do. Much like criminals flock toward the high spending we see within the programmatic and mobile ad marketplaces, targeting affluent nations where digital marketing budgets flow at an astounding pace (digital ad revenues surpassed $100 Billion in the US in 2018) is a no-brainer for a fraudster looking to make the most of an attack. Frequent, diligent scanning and analysis of your campaigns running within these affluent regions will help to greatly eliminate the most dangerous threats lurking within your ad inventory.
- Everyone loves Google Chrome, including malvertisers. With Chrome being the dominant browser, the likelihood of an attack targeting Chrome users increases dramatically. When looking at how best to distribute the monitoring resources at your disposal, focusing on campaigns frequently viewed on Chrome is a great practice for mitigating attacks.
- Modern threats require a modern solution. AdSecure was the first provider to identify the push locker mutation of the browser locker attack thanks to the modern tech powering our crawler. Working with modern solutions is key to uncovering every new threat before it can infect your ad delivery.
- Analyse your campaigns, a lot. Attacks can infect the redirection path at any time during an active campaigns lifecycle, meaning that a creative you scanned right at launch can go from clean to dirty several days after launch. The best way to stay one step ahead is to scan the creatives for threats regularly, using a comprehensive approach that aims to keep threats out pre-flight, and once your campaign is up in the air.
Going Forward
This security violations report is the first of what will be an ongoing, quarterly analysis on the always evolving world of digital risk. In future we will compare current quarterly data with past reports to take a look at how digital ad attacks change over time, where improvements can be found Q on Q, and what new threats are rising in popularity. We look forward to providing both our partners, and all stakeholders within the digital advertising ecosystem, with insights that will help them build a safer digital world. For everyone.
About AdSecure
AdSecure provides constant detection and notification of security, compliance & quality issues within the digital ad supply chain.
Nearly 1.5 million phishing sites are created each month
One area of cyber crime that that has picked up dramatically over the last 12 months is phishing. If you are not familiar with what phishing is, it is the art of tricking people in to handing over their credentials or access to protected systems. Phishing campaigns tend to be huge email blasts that contain either links or attachments. You click a link that takes you to a website that looks like your bank’s, and enter your credentials without thinking. Or in the case of a more sophisticated attack, you click a link or attachment which installs a piece of malware which compromises a system or network.
Verizon’s 2016 Data Breach Investigations Report carried out a study of 150,000 phishing emails and alarmingly, 30 percent of phishing messages were opened – up from 23 percent in the 2015 report – and 13 percent of those clicked to open the malicious attachment or nefarious link.
It seems that cyber criminals are on a major phishing expedition, with the latest figures from The Webroot Quarterly Threat Trends Report stating that 1.385 million new phishing sites are created each month. May 2017 set a new monthly record with 2.3 million sites created.
The report also states that phishing sites are getting much harder to detect as they are becoming much more sophisticated. They also found that these sites tend to stay up for a very short period of time: between four and eight hours. This enables the sites to avoid getting tracked or blacklisted. Even if the blacklists are updated hourly, they are generally 3–5 days out of date by the time they’re made available, by which time the sites in question may have already victimized users and disappeared. The report also found that criminals are using company impersonations as one of their main techniques, posing as emails from Google, Chase, Dropbox, PayPal and Facebook being the biggest targets.