Towards the end of 2018, the global information company Experian released a number of online ads as part of a new advertising campaign. What they didn’t know was that one of their online ads contained an additional image which was hidden within the ad request and was not visible to the online user. On clicking the ad, unsuspecting users triggered malicious code, which redirected them to a phishing website.
In another instance in 2018, Check Point found a fraudulent advertising campaign that was aimed at thousands of compromised WordPress website users. The campaign redirected the users to an external IP address (184.108.40.206), which was popularly referred to as “Master134.” This IP address was further used to redirect the traffic to a legitimate advertising domain owned by the AdsTerra ad network, to be sold as traffic for online advertisers.
With the increase in the number of online ads, hackers are using a new type of cyberattack to target global online ad networks, aimed at spreading malware or other malicious code among online users. Malvertising, short for “malicious advertising,” is in simple terms the technique of infecting online ads with various types of malware code that can ultimately infect thousands of connected computers.
Why is malvertising so damaging? The 2018 industry statistics reveal that malvertising costs online ad publishers around $120 million and online advertisers around $920 million, making it a grand loss of around $1.13 billion in 2018. This cost is only expected to increase further in 2019 and beyond. Websites of leading names like the New York Times, London Stock Exchange, and Spotify have also fallen prey to malvertising by displaying malicious ads to their online customers.
Let’s now discuss how malvertising attacks are carried out and how malvertising differs from adware.
What is Malvertising and how does it work?
Malvertising is a fraudulent form of online advertising where hackers embed malicious code within an online ad which is then published on a popular ad network. When online users click the online ad or simply visit their destination page, the malware code is downloaded on their device and proceeds to cause damage.
Malvertising attacks are targeting Android and iPhone smartphone users. In what is referred to as the PayLeak malware attack, ads on leading online newspapers and magazines were used to lure smartphone users to a phishing website using a fake Amazon gift card offer.
Hackers typically use the following two types of malvertising to spread malware through online ads:
This method of malvertising does not even require the user to click the malicious ad. By simply loading the target webpage, the malware tool is downloaded to the user’s device without any user consent. In one of the earliest successful malvertising attacks in 2012, this method was used to hit the online users of the Los Angeles Times as part of a larger malvertising campaign targeting large news websites.
This method of malvertising requires the user to actually click the online ad for the hidden malware code to be downloaded on their device. Malicious ads using this method are made to appear like real ads, such as the “Amazon” ad (in the introductory section) or virus alert ads that entice users to click on them. A recent example of this malvertising method is the 2017 case of the Zirconium Group, which created 28 fake online ad agencies to promote a malvertising campaign resulting in over 1 billion ad views.
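A publisher-side check for two traits described above, an invisible extra element inside the creative and content that loads without a click, shown as an added example that is not from the original article. The tag list, the size threshold, the raw-IP heuristic and the sample creative are assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that fetch or execute remote content as soon as the ad renders (no click needed).
AUTOLOAD_TAGS = {"img", "iframe", "script", "embed", "object"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_raw_ip(url):
    """True when the URL's host is a literal IP address rather than a domain name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

class CreativeScanner(HTMLParser):
    """Collects (tag, url, reason) findings from one ad creative's HTML."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in AUTOLOAD_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get("src") or a.get("data") or ""
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            self.findings.append((tag, url, "hidden-element"))
        if url and is_raw_ip(url):
            self.findings.append((tag, url, "raw-ip-host"))

def scan_creative(html):
    scanner = CreativeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample creative: a visible banner plus an invisible iframe and a 1x1 image.
SAMPLE = """
<a href="https://shop.example/offer"><img src="https://cdn.example/banner.png" width="300" height="250"></a>
<iframe src="http://203.0.113.7/landing" style="display:none"></iframe>
<img src="https://track.example/p.gif" width="1" height="1">
"""
```

A 1x1 image is also how ordinary tracking pixels look, so findings are triage signals for manual review of a creative, not verdicts.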
Malvertising versus Adware
As both of them deal mainly with online advertising, malvertising is often confused with adware (short for ad-based malware). In reality, both are quite different. Here’s a comparison:
How do hackers insert malicious code into online ads?
To execute malvertising, hackers can use a variety of ad sources to insert malware or any malicious code. These include:
Taking aim at the growing e-commerce business, cybercriminals were successful in targeting the online checkout and payment pages of several small-time retail websites hosted on the Magento platform. In this attack, dubbed “CartThief,” the malware code was able to steal personal and financial information of the online shoppers from each transaction.
How to protect yourself from malvertising
As an online user, you can use a range of security measures and practices to protect yourself from malvertising, including:
Malvertising: Latest Trends
Starting from the earliest attacks in 2007-2008, malvertising continues to evolve to this day and pose new challenges to cybersecurity experts. Among the latest trends in 2018 and 2019, malvertising is targeting cryptocurrency miners in the form of malicious ads for trading in cryptocurrencies. A January 2018 case study revealed a fraudulent ad campaign (with embedded scripts) for the CoinHive cryptocurrency, resulting in a 285% increase in the number of CoinHive miners. In this type of attack, also referred to as cryptojacking, the number of infected devices increased by over 300% monthly towards the end of 2018.
Cybercriminals are no longer focusing on online ads or “click frauds” to implement malvertising but are extending their reach through “bad bots,” which makes detection more challenging. Thanks to evolving technology, a malvertising campaign can now be run like any other “traditional” online ad campaign.
Apple and Android phone users are also being targeted for malvertising through the use of forced redirects and Trojanized mobile apps.
With the increased form and complexity of online malvertising attacks, online customers, ad publishers, and online advertisers are realizing the enormous risk that these online attacks pose to their business revenue and reputation. Only a well-designed and comprehensive cybersecurity solution can prepare them to mitigate such attacks or recover from their unfortunate consequences.