Malvertising — Are you safe? Google blocked 79 Million ads already. Expected breach in billions of Dollars.
- Swetha Y
- Jun 10, 2019
What is Malvertising?
Malvertising is the use of online advertising to spread malware.
Malvertising is usually executed by hiding malicious code within relatively safe online advertisements. These ads can lead a victim to unreliable content or directly infect a victim's computer with malware, which may damage a system, access sensitive information or even control the computer through remote access.
Malvertising relies on social network advertising or user-supplied content publishing services. Malvertising may include preinstalled malicious programs set to launch through payloads at specific dates and times.
Malvertising can appear in any advertisement on any site, even the ones you visit as part of your everyday Internet browsing. Typically, malvertising installs a tiny piece of code, which sends your computer to criminal command and control (C&C) servers. The server scans your computer for its location and what software is installed on it, and then chooses which malware it determines is most effective to send you.
How does malvertising work?
Despite the malicious code, malvertising takes on the appearance of everyday ads like pop-ups (pushing things at you such as fake browser updates, free utilities, antivirus programs, and so on), paid ads, banner ads, and more. Malvertising criminals rely on two main methods to infect your computer.
The first is an advertisement that presents some kind of provocative enticement to get you to click on it. The lure might come in the form of an “alert,” such as a warning that you already suffer from malware infection. Or it might be an offer for a free program. Such tactics use social engineering to scare or tempt you into clicking on a link. Give in to that temptation and you are infected.
Even more nefarious is the second method, known as a drive-by download. In this case, the infected ad uses an invisible web page element to do its work. You don’t even need to click on the ad to trigger the malicious activity. Just loading the web page hosting the ad (or a spam email or malicious pop-up window) redirects you to an exploit landing page, which takes advantage of any vulnerabilities in your browser or holes in your software security to access your machine.
Malvertising vs. adware
Malvertising is sometimes confused with adware. Malvertising refers to malicious code initially included in ads, which affects users who load an infected website. Adware is a program that runs on a user’s computer. It’s often installed hidden inside a package that also contains legitimate software or lands on the machine without the knowledge of the user. Adware is usually used to display authentic ads, which can be quite irritating while working on a computer or mobile device.
How common is malvertising?
Malvertising is growing at a fast pace. Confiant calculates that 1 in every 200 online ads is malicious, while GeoEdge, which sells anti-malvertising solutions, estimates that up to 1 in 100 ads is not safe. In 2017, Google blocked 79 million ads that attempted to send people to malicious websites and removed 48 million ads that suggested the installation of unwanted software.
Users face multiple threats through bad ads. “The most common attacks are auto-redirects, where the user is thrown out of the page into a different location, in which he or she is exposed to many threats: phishing scams, malware ransom attacks, malicious ads leading to exploit kits and auto file downloads,” says Tobias Silber, vice president of marketing at GeoEdge.
Auto-redirects accounted for 47.5 percent of all malvertising in the last quarter of 2018, according to GeoEdge. Meanwhile, malicious ad pre-clicks (drive-by-downloads or malicious code embedded in the main scripts of a page) made up 25 percent of incidents. Additionally, malicious ad post-clicks (after users click on the ad, they get infected directly or get redirected to a malicious website) accounted for 7 percent.
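Ads are typically served in iframes, so a site owner can audit a saved page for frames that are invisible (the element drive-by downloads rely on) or that are allowed to navigate the top-level page (the auto-redirect case). The following is an added example, not code from the original article; the heuristics, the function name audit_frames and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that make a frame invisible to the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}  # tracking-pixel sized frames

class FrameAudit(HTMLParser):
    """Collects (src, reasons) for every <iframe> that looks risky."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if a.get("width", "").strip() in TINY or a.get("height", "").strip() in TINY:
            reasons.append("invisible: zero or 1px size")
        if HIDDEN_STYLE.search(a.get("style", "")) or "hidden" in a:
            reasons.append("invisible: hidden by style")
        # A sandbox without allow-top-navigation stops the frame from
        # redirecting the page that embeds it.
        if "sandbox" not in a:
            reasons.append("no sandbox: frame may navigate the top page")
        elif "allow-top-navigation" in a["sandbox"].lower().split():
            reasons.append("sandbox allows top navigation")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def audit_frames(html):
    parser = FrameAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one well-contained ad slot and two risky ones.
SAMPLE_PAGE = """
<html><body>
<iframe src="https://ads.example/banner" width="300" height="250"
        sandbox="allow-scripts"></iframe>
<iframe src="https://cdn.example/px" width="1" height="1"></iframe>
<iframe src="https://ads.example/slot2" style="display:none"
        sandbox="allow-scripts allow-top-navigation"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in audit_frames(SAMPLE_PAGE):
        print(src, "->", "; ".join(reasons))
```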
How can malvertising harm me?
Perhaps a more pertinent way to put that question is: is there really any chance it won’t harm you? The answer is NO, because the bad guys behind malvertising have multiple illicit goals they pursue with dogged determination. They want to make money off you by stealing your identification data, your financial data, and your contact data, among other things. Other than outright stealing data, they can encrypt or delete information, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission. It all depends on what kind of programs the malvertising succeeds in downloading. The payloads can include:
Malware, which is the umbrella term that describes any malicious program or code that is harmful to systems.
Ransomware, the term for a form of malware that locks you out of your device and/or encrypts your files, then forces you to pay a ransom to get them back. Ransomware has been called the cybercriminal’s weapon of choice because it demands a quick, profitable payment in hard-to-trace cryptocurrency. The code behind ransomware is easy to obtain through online criminal marketplaces and defending against it can be difficult.
Spyware is malware that secretly observes the computer user’s activities without permission and reports it to the software’s author.
Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Typically, it uses an underhanded method to either disguise itself as legitimate, or piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.
A virus is the original malware that attaches to another program and, when executed (usually inadvertently by the user), replicates itself by modifying other computer programs and infecting them with its own bits of code. Most cyber-security professionals agree that viruses today are more of a legacy threat than an ongoing risk to Windows or Mac users. That’s because they’ve been around for decades and have not substantially changed.
Malicious crypto-mining, also sometimes called drive-by mining or crypto-jacking, is an increasingly prevalent malware usually installed by a Trojan. It allows someone else to use your computer to mine crypto-currency like Bitcoin or Monero. So instead of letting you cash in on your own computer’s horsepower, the crypto-miners send the collected coins into their own account and not yours. So, essentially, a malicious crypto-miner is stealing your resources to make money.
What is the state of malvertising today?
The malvertising industry is getting more sophisticated when it comes to its malware delivery methods. The beginning of 2019 brought an increasing number of drive-by malicious ads that don’t require a user’s click, says Phil Cowger, a researcher at cyber-security company RiskIQ.
Currently, the most common attack is the gift card scam, says Confiant’s Dangu. At the end of 2018, the company uncovered a massive malvertising campaign targeting iOS devices owned by U.S. citizens. The cybercriminal group known as ScamClub hijacked 300 million browser sessions in just two days. “Attackers collect vast amounts of private data willingly shared by victims, thinking they will receive a reward,” Dangu says, referring to the free Amazon gift card scam. “The data collected includes buying intent, health-related data, and is resold to data providers by the attackers.”
Another group, eGobbler, also targeted U.S.-based users. The massive operation was connected to Presidents' Day weekend. When victims clicked on an ad, it redirected them to malicious websites, many of which invited the victims to enter personal and financial data.
How to safeguard against malvertising
Security researchers advise installing antivirus tools and keeping all software updated, including the operating system, browsers, Adobe Flash and Java. Even stronger protection can be achieved by avoiding the use of Flash and Java altogether.
Always practice safe computing and think before you click on anything. And always be sceptical about any suspiciously alarming notices, or scareware, as well as any too-good-to-be-true pop-up offers you receive. Never clicking on suspect ads still won’t protect you against drive-by malvertising living on reputable sites, but it will decrease your odds of getting hit by much of what the bad guys throw at you, as most malvertising relies on your click to deliver its malware payload.
Enable click-to-play plugins on your web browser. Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). A large percentage of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will offer excellent protection.
You should seriously consider using ad blockers, which can filter out a lot of the malvertising noise, thereby stopping dynamic scripts from loading dangerous content. By blocking all advertisements from displaying on websites, you remove any chance of viewing and clicking on an ad that is potentially harmful. Ad blocking also brings additional benefits, from reducing the number of cookies loaded on your machine to protecting your privacy by preventing tracking, saving bandwidth, loading pages faster, and prolonging battery life on mobile devices.
However, many of the most reputable news sites rely on advertising for revenue, so they ask users to disable ad blockers in order to access the content. Malwarebytes has weighed in on this subject. There’s also considerable advice about using ad blockers on our blog, detailing some of the completely free methods available to you for a safer internet experience. For example, here’s one of our blogs about ad blockers and anti-tracking browser extensions. And we cover a few of the common ad-blocking utilities and how to best configure those tools for maximum effectiveness.