Our online experiences are often accompanied by ads that seem innocuous but can harbor a hidden threat. This threat is known as "Malvertising," a term that combines "malware" and "advertising."
Malvertising involves the surreptitious embedding of harmful code within online advertisements, targeting unsuspecting web users. In this article, we delve into the intricate workings of malvertising, exploring how it operates, its distribution methods, the types of infections it can cause, and real-life examples that underscore its pervasive danger.
Table of Contents (TOC)
- What is Malvertising?
- How Does Malvertising Work?
- How Is Malvertising Distributed?
- What Types of Infections Can Malvertising Cause?
- Real-Life Malvertising Examples
- Why Has Malvertising Risen Recently?
- Malvertising vs Ad Malware (Adware)
- How Does Malvertising Differ from Traditional Malware?
- How Can You Avoid Falling Victim to Malvertising?
What is Malvertising?
How Does Malvertising Work?
Malvertising, or malicious advertising, typically involves compromising legitimate advertising networks to insert malicious code into ads. When a user encounters these ads, the embedded code may automatically execute, leading to several possible outcomes:
- Direct Installation of Malware or Adware: The malicious code may directly install unwanted software on the user's device, often without their knowledge.
- Redirection to Malicious Websites: Users may be redirected to websites that host malware or phishing attempts.
- Exploiting Vulnerabilities with Exploit Kits: Attackers often use exploit kits to scan for and exploit vulnerabilities in a user's system. These kits can automatically execute and take advantage of unpatched security flaws.
- Drive-by Downloads and Forced Redirects: Malvertising can initiate 'drive-by downloads,' where malware is downloaded and installed merely by viewing an ad, without any user interaction.
- Use of Advanced Techniques: Malvertising can involve sophisticated tactics like spoofing, social engineering, and clickjacking, making it harder to detect and avoid.
How Is Malvertising Distributed?
Malvertising is distributed through various sophisticated channels, often leveraging the complex ecosystem of online advertising:
- Compromised Ad Networks: Attackers infiltrate reputable ad networks to distribute their malicious ads to a wide range of websites.
- Drive-by Downloads: This technique involves embedding malware in ads that automatically download when the ad is loaded on a user's device.
- Use of High-Profile Cases: Notable examples like the 'RoughTed' campaign demonstrate the scale and impact of malvertising. These campaigns use exploit kits to infect users across major websites.
- Clickjacking and Deceptive Ads: Techniques like clickjacking involve disguising malicious elements as legitimate ads. Users interact with these ads under false pretenses, leading to malware installation.
- Compromised Websites: Campaigns like 'EITest' show the use of compromised websites, especially those built on popular platforms like WordPress, to spread malvertising.
What Types of Infections Can Malvertising Cause?
Malvertising can lead to various sophisticated malware infections:
- Ransomware: Encrypts user data for ransom (e.g., WannaCry).
- Spyware: Secretly monitors user activity.
- Adware: Displays unwanted ads, often intrusive and data-consuming.
- Trojans: Mislead users about their true intent, often leading to data theft or loss.
- Cryptojacking: Uses a computer’s resources to mine cryptocurrency without consent.
Real-Life Malvertising Examples
- The New York Times & BBC: These prestigious organizations faced malvertising through compromised ad networks, highlighting the difficulty of detecting such threats.
- CryptoWall Ransomware via Ads: This campaign used malvertising to distribute ransomware, encrypting users' files and demanding a ransom for their release.
- Spotify Free Malvertising: Users of Spotify's free version encountered ads leading to malicious sites, exemplifying the subtlety of malvertising attacks.
- Gooligan Malware in Google Play Store: Malvertising within the Play Store led to the download of the Gooligan malware, compromising Google accounts and devices.
- ZeroAccess Botnet: Distributed via malvertising, this botnet engaged in click fraud and Bitcoin mining, using infected devices' resources without consent.
Why Has Malvertising Risen Recently?
The surge in malvertising correlates with the COVID-19 pandemic. With increased digital engagement, the online landscape expanded, offering more targets for cybercriminals. According to a report by Cybereason, there was a 30% increase in malvertising attacks in 2020, coinciding with the pandemic's peak.
Malvertising vs Ad Malware (Adware)
Malvertising and adware are distinct. Malvertising is an attack launched via an infected ad, whereas adware is a program tracking web activity for ad display. All malvertising is inherently malicious, capable of controlling or altering systems. Adware, though concerning for data privacy, doesn't necessarily permit cybercriminals to control or modify systems. Some forms of adware are included in legitimate software, focusing mainly on ad display rather than harmful activities.
How Does Malvertising Differ from Traditional Malware?
| Aspect | Malvertising | Traditional Malware |
|---|---|---|
| User interaction | Requires minimal or no user interaction, often just ad exposure | Often requires user action, like clicking a link or downloading a file |
| Delivery | Subtle, through legitimate online ads | More direct, through email attachments, downloads, or infected websites |
| Detection | Harder to detect due to legitimate ad disguise | Easier to detect with conventional antivirus tools |
How Can You Avoid Falling Victim to Malvertising?
For Ad Networks:
- Automated Scanning Tools: Use software to detect malware signatures in ads.
- Behavioral Analysis: Analyze ad behavior for any suspicious activity.
- Sandboxing: Test ads in isolated environments before publication.
- Manual Review: Check new ads manually, especially from new sources.
- Trusted Ad Networks: Work only with ad networks that have strong security measures.
- Regular Audits: Frequently audit ad content for security.
- Malware Scanning Tools: Use cyber security tools like Malwarebytes, Norton Antivirus, or Kaspersky for detecting and removing malware.
- Antivirus Software: Install robust antivirus programs like Bitdefender, McAfee, or Avast.
- Ad Blockers: Use ad blockers like uBlock Origin, AdBlock Plus, or Ghostery to prevent malicious ads.
- Update Browsers and Plugins: Keep browsers and plugins up to date to fix vulnerabilities.
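The "Automated Scanning Tools" and "Behavioral Analysis" items above describe pre-publication checks an ad network can run on creatives. The following is an added illustration, not code from this article or from any ad network: a small static scanner that flags the redirect and obfuscation patterns the article associates with malvertising (meta-refresh and top-frame redirects, hidden iframes, dynamic code evaluation, heavy string escaping). Rule weights, the block threshold, and the two sample creatives are constructed for this example.

```python
import re

# Static rules applied to an ad creative's HTML/JS. Weights are an assumption
# for this example, not a published scoring scheme.
RULES = [
    ("meta-refresh redirect",
     re.compile(r"<meta[^>]+http-equiv\s*=\s*['\"]?refresh", re.I), 3),
    ("top-frame navigation",
     re.compile(r"\b(?:window\.)?(?:top|parent)\.location\b"), 3),
    ("hidden iframe",
     re.compile(r"<iframe[^>]*(?:width\s*=\s*['\"]?0\b|height\s*=\s*['\"]?0\b"
                r"|display\s*:\s*none)", re.I), 3),
    ("dynamic code evaluation",
     re.compile(r"\b(?:eval|unescape|atob)\s*\(|String\.fromCharCode"), 2),
]
ESCAPE = re.compile(r"\\x[0-9a-f]{2}|\\u[0-9a-f]{4}", re.I)
BLOCK_THRESHOLD = 3  # assumed: creatives scoring at or above this are rejected


def scan_creative(markup: str) -> dict:
    """Return {'verdict', 'score', 'findings'} for one creative."""
    findings, score = [], 0
    for name, pattern, weight in RULES:
        if pattern.search(markup):
            findings.append(name)
            score += weight
    # Long runs of \xNN / \uNNNN escapes usually mean an obfuscated payload.
    if len(ESCAPE.findall(markup)) >= 20:
        findings.append("heavy string escaping")
        score += 2
    verdict = "block" if score >= BLOCK_THRESHOLD else "allow"
    return {"verdict": verdict, "score": score, "findings": findings}


# Constructed sample creatives (not real ad tags).
BENIGN_AD = ('<a href="https://shop.example/sale" target="_blank">'
             '<img src="https://cdn.example/banner.png" width="300" height="250"></a>')
SUSPICIOUS_AD = ('<img src="https://cdn.example/banner.png">'
                 '<iframe src="https://track.example/p" width="0" height="0"></iframe>'
                 '<script>eval(unescape("%77%69%6e"));'
                 'if(self!==top){top.location="https://landing.example/";}</script>')

if __name__ == "__main__":
    for label, ad in (("benign", BENIGN_AD), ("suspicious", SUSPICIOUS_AD)):
        print(label, scan_creative(ad))
```

A rule-based scan like this only catches known patterns; the "Sandboxing" item above (loading the creative in an isolated browser and observing navigation and network activity) is the complementary check for creatives that fetch their payload at runtime.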
Contributor - Shubham Kumar