• All Articles

How malvertisers targeted the US in Q1 & Q2

By Giles

September 29, 2021

53 How Malvertisers Targeted the Us in Q1 & Q2

As a prequel to AdSecure’s soon to be released Violations Report Q1 & Q2 we looked at Malvertising activity for user security violations that targeted the US.

The US is the top GEO for malvertiser activity, where AdSecure detected 20.9% of all user security violations. The next closest GEO was Germany at 7.84%, so as you can see the US is way ahead when it comes to malvertising attempts. Notice the use of the word ‘attempts’ here. Using AdSecure as an ad security solution discovered the ‘attempts’, meaning these malvertisers had their campaigns stopped before they could do any damage to website and ad network reputations and of course, they were unable to compromise the end user.

User security violations are considered the most damaging because they target unsuspecting victims to steal user data such as credit card and personal information and can take over an end user's device with malicious software for extortion or Cryptocurrency mining. Here are the User Security Violations as a percentage compared to the rest of the world that AdSecure detected in the US from January 1 to June 31st 2021: 

52.5% of all Phishing URLs: A phishing site can trick users into revealing their personal information (for example, passwords, phone numbers, or credit cards). The content pretends to act, or looks and feels, like a trusted entity, such as a browser, operating system, bank, or government.

52.2% of all Ransomware: Ransomware is a form of malware that essentially holds a device’s system captive, demanding that the device owner pays a ransom. The malware restricts user access to the device either by encrypting files on the hard drive or locking down the system and displaying ransom messages. The victim is then asked to supply credit card details to unlock the device.

28.8% of all Malicious URsL: Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users to become victims of scams (monetary loss, theft of private information and malware installation).

16.1% of all Drive by Crypto mining: Ads that consist in using a piece of javascript code that secretly uses the victims device’s CPU to mine for different cryptocurrencies, this happens directly through the victim’s browser.

14.3% of all Adware: Adware is software that downloads or displays unwanted ads when the user is online, it collects marketing data and other information without the user's knowledge, or redirects search requests to certain advertising websites.

13.8% of all Malware: Malware is a general category of malicious code that includes viruses, worms and Trojan horse programs. It is used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. 

10.2% of all Unwanted Programs: Unwanted software is an executable file or mobile application that engages in behavior that is deceptive, unexpected, or that negatively affects the user's browsing or computing experience.

7.8% of all SSL non-compliance: Ads that contain at least one unsecured item in the chain of resources (unsafe, no https, mixed content, ssl version or cipher mismatch).

4.5% of all Scareware: Ads claiming that the user's device is infected with a virus and informs the user that they are in need of antivirus software. Ironically, the Scareware ad sometimes actually contains a virus that could harm the user’s device. Scammers often use the names of well-known companies that specialise in computer software to gain your trust. The pop-up advertisements aim to mimic genuine warning alerts generated by computer security software. This can cause costly device repairs for the end user or even worse, lead to identity theft. 

2.3% of all Browser Lockers: A script runs in the web browser of the end user's device and its main purpose is to disable any form of action that can close the browser – such as clicking the close button and pressing certain shortcut keys. All attempts to close the browser will result in a warning message box.

If you monetize large volumes of US traffic you should ensure that none of the above User Security Violations ever get a chance to be exposed to end users via your platform. AdSecure offers a 360 degree monitoring and protection for the ad supply chain of publishers and ad networks, by automating the ad verification process before ad campaigns go live & while they are running. 

Share this article on