Malvertising explained

Malvertising, or malicious advertising, is the practice of using web advertisements to spread malware with little to no user interaction required. Cybercriminals use the same advertising strategies as legitimate ad companies, except that malvertisements will either try to download malware directly to visitors devices upon viewing, or send visitors to websites that distribute viruses, ransomware or other unwanted and malicious programs.

How malvertising works?

Rather than attempting to trick users into visiting a malicious website, attackers use the granular profiling functionality provided by ad networks to spread financial malware, data-stealing malware, ransomware and other cyber threats, or if applicable, ads that will trigger an automatic redirection to landing pages hosting exploit kits.

The standard way for attackers to spread malware is to disguise their ads and hide them in the latest multimedia software, free antivirus or even security utilities, when in reality these are malicious related products. These kinds of ads are often designed to cause shock or anxiety and entice visitors to click on them. The second way, commonly known as a drive-by attack, is when visitors go to websites that happen to have malicious ads placed there. A script obfuscated in an infected ad will run in the background and look for vulnerabilities on the user’s computer so it can quietly download and execute a malicious application such as ransomware.

One of the most frustrating aspects is to figure out how easy it is for attackers to bypass ad platforms’ safeguards either because of insufficient checks or more seriously because they can enable the malicious payload only once the ad has been approved by the ad network. This is where solutions like AdSecure come into play: by allowing ad platforms and publishers to automate scanning of their offers or ad zones at regular intervals from multiple locations and devices. As soon as any abnormal behavior is detected an email notification is immediately sent to the ad platform/publisher giving them access to a comprehensive report containing the entire ad redirect chain and creative sources.

Who has this affected so far?

Unfortunately no publisher can be considered absolutely safe, you have probably heard of many cases recently, but here are a few examples of some of the most trusted websites online that have been affected: Forbes, MSN, Yahoo, The New York Times, BBC, Spotify… and the list continues to grow.

How do you protect yourself against malvertising?

Besides not clicking on questionable ads, here are some recommendations to help ensure you remain safe from threats distributed by malvertisements:

• Update your browser to the latest available version – Some malvertising attacks exploit security holes directly in the browsers.
• Keep your plugins updated and disable or uninstall the ones you don’t frequently use, including java.
• Patch your operating system – Install security updates and update your operating system every time a patch comes around to reduce your exposure to zero-day based attacks.
• Get a good anti-virus/anti-malware – Run regular scans of your computer and make sure it is always updated.
• When using your mobile, only installs apps from original app stores and try to run background checks before installing any suspicious apps.

Further reading:

For an indepth explanation of Malvertising and the tricks that Cybercriminals visit our blog post What is Malvertising and how to stop it.