Malvertising is the abbreviation for “malicious ads.” It’s a method for cybercriminals to spread malware (malicious software) via advertisements on websites and apps. Malware refers to any code, script, command, or piece of software designed to carry out a cybercrime or other malicious act. When malware is disguised as an advertisement, it is referred to as a malvertisement.

In this post, we’ll cover what malvertising is, how it works, and how you can defend yourself against it.

What Constitutes a Cyberthreat in Malvertising?

Malvertising is the term for malicious ads that appear to be legitimate. These ads turn legitimate websites into carriers of malware. What makes malvertising hard to deal with is that consumers may not be able to tell the difference between genuine and fake advertising. After all, why would users doubt the authenticity of an ad displayed on a website they trust?

If malware infects your computer, it can do the following:

  • Gain unauthorized access to your device,
  • Crash your system,
  • Monitor your actions and capture sensitive information (such as passwords),
  • Encrypt and steal your data via a ransomware attack,
  • Use your device as part of larger botnet attacks against others, and
  • Engage in other harmful activities.

Scammers pay for ad space on well-known websites, inject malicious code into the ads, and then post them. The advertisements appear to be authentic, enticing, and come from a reliable source. The host website owner may or may not be aware that malvertising is being displayed on their site.

It’s possible that an ad on a reputable website promising “25 percent off iPhones for Amazon Prime customers” is a malvertisement. You will not be guided to the official Amazon website if you click on one of these advertisements. Instead, it could send you to a malicious website or download malware to your machine. This is bad news for you in any case.

These are some of the well-known websites that have previously been targeted by malvertising:

  • Yahoo.com,
  • Spotify,
  • London Stock Exchange,
  • MySpace,
  • The New York Times,
  • Hindustan Times

6 Types of Malvertising

Malvertisements come in a variety of sizes and shapes. Hackers can also use iframes (which we’ll explore shortly) to create invisible malvertisements!

1. Content/Text-Based Malvertisements

Malicious code is normally inserted in simple text-based ads on host websites, usually in the sidebars or the main content body. Hackers may also embed malvertising in sponsored article content.

2. Banners

Attackers create promotional banners in such a way that website users are enticed to click on them. In addition to impersonating legitimate businesses and organisations, attackers may use their logos and product images to gain people’s trust.

3. Video Ads

To draw users’ attention, attackers create eye-catching video advertisements. These malware-infected videos may appear to be legitimate product/service advertisements, or they may include clips from video games, popular sports, celebrity interviews, breaking news, and other sources.

4. Animated Ads

When creating animated/motion advertisements, attackers use JavaScript or Flash to inject malicious code.

5. Inline Frames (iFrames)

An iframe is an HTML feature that developers use to embed content from one site inside another. Attackers take advantage of the iframe by setting its dimensions to 0 x 0 pixels. This means that visitors to the website will not be able to see any content, but the content will still load on the host website. Malware is downloaded automatically after visitors spend a few seconds on the website or click on the part of the page containing the iframe by mistake.
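The zero-size trick described above can be checked for mechanically. The following Python sketch is an added example, not code from the original article: it flags iframes hidden through zero dimensions, display:none, visibility:hidden or the hidden attribute, and notes whether each one loads from another host. The function names, the sample page and the example.* hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches CSS/HTML lengths that evaluate to zero: "0", "0px", "0.0em", "0%"
ZERO_LENGTH = re.compile(r"^0+(\.0+)?(px|em|rem|pt|%)?$")

def parse_style(style):
    """Turn an inline style attribute into a {property: value} dict."""
    pairs = (d.split(":", 1) for d in style.lower().split(";") if ":" in d)
    return {k.strip(): v.replace("!important", "").strip() for k, v in pairs}

class HiddenIframeAuditor(HTMLParser):
    """Records every <iframe> that is rendered invisibly."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        css = parse_style(attr.get("style", ""))
        reasons = []
        for dim in ("width", "height"):
            values = (attr.get(dim, "").strip().lower(), css.get(dim, ""))
            if any(ZERO_LENGTH.match(v) for v in values):
                reasons.append(f"{dim}=0")
        for prop, hidden_value in (("display", "none"), ("visibility", "hidden")):
            if css.get(prop) == hidden_value:
                reasons.append(f"{prop}:{hidden_value}")
        if "hidden" in attr:
            reasons.append("hidden attribute")
        if not reasons:
            return  # visible iframe, nothing to report
        host = (urlsplit(attr.get("src", "")).hostname or "").lower()
        first_party = (not host or host == self.page_host
                       or host.endswith("." + self.page_host))
        self.findings.append({"src": attr.get("src", ""), "reasons": reasons,
                              "third_party": not first_party})

def audit_hidden_iframes(html, page_host):
    """Return one finding per invisible iframe in `html`."""
    auditor = HiddenIframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page for example.com (not taken from a real site)
SAMPLE_PAGE = """
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="https://ads.example.net/slot7.html" width="0" height="0"></iframe>
<iframe src="//cdn.example.org/a.html" style="width:0px; HEIGHT: 0 !important"></iframe>
<iframe src="/widgets/chat.html" style="display:none"></iframe>
"""
```

Hidden first-party iframes can be legitimate (chat widgets, analytics), so the third_party flag is the field to triage first.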

6. Popup Ads

Popups are tiny windows that appear unexpectedly when visiting a website, and they are a common vehicle for malvertising. Popups for fake virus infections and free virus removal tools are very popular. Attackers can also display popups for surveys, polls, coupon codes, limited-time deals, free items, free subscriptions, and other offers.

How Do Attackers Publish Malvertisements on Legitimate Websites?

You may wonder why any trustworthy platform would allow scammers to post compromised advertisements on its site. After all, this could tarnish its image! The thing is, online advertising has a lot of layers and complexities: there are a lot of pages, networks, and servers involved. Let’s take a look at how hackers get malware advertising on legitimate websites.

1. Use Third-Party Ad Distributors to Extend Their Reach

Scammers put their advertisements on legitimate websites using third-party ad distributors like Google Ads (AdWords), AdPlugg, Propeller Ads, and others. These third-party advertising sites have vast networks of businesses who want to publish advertisements and website owners (publishers) who want to make money by showing ads. According to VentureBeat, Google serves 30 billion ads a day, and no one is going to scrutinise each ad’s code.

The attacker creates a free account on such platforms, creates some malware-laden ads, bids for keywords, and sets the regular budget and target audience, just like every other advertiser. Ad distributors display advertisements across their vast network of websites (including highly reputed ones) based on web visitors’ browsing habits. This is how the attackers get their advertisements to appear on well-known websites.

Cybercriminals have also been known to steal legitimate ads from well-known businesses. However, instead of linking to those legitimate organisations, the stolen ads link to the attackers’ malicious websites.

2. Rent Space Directly to Display Malvertising

Some website owners (social media platforms, well-known blogs, video streaming platforms, and so on) rent out space on their sites to advertisers. They can choose to do this instead of joining third-party ad distribution networks in order to supplement their income.

Advertisers may show any of the following in leased spaces:

  • Ad banners,
  • Videos,
  • In-line text ads, or
  • Even sponsored articles.

Advertisements can be posted in a Q&A format on certain discussion sites, such as Quora and Reddit. Site owners charge fees depending on the number of views, clicks, or a percentage of the transaction, as well as the time slot (weekly, bi-weekly, or monthly).

In the beginning, attackers usually use benign ads to gain the trust of the host platform, and then they start using malware in the ads.

3. Take Advantage of Vulnerabilities on Host Platforms

Some hackers manipulate websites with poor security postures to display their malicious advertisements. The affected website owners are unaware that such advertisements are being shown on their pages, and they are not compensated for them.

Examples of How Malvertising Works

You might be wondering what happens if you click on a malicious advertisement. Let’s look at some real-life and hypothetical examples of how attackers might defraud you.

Hackers Use Malvertising as a Malware Delivery System

Viruses, worms, trojans, and rootkits are examples of malware that can be spread through malvertisements. Infected ads download malicious code or software to website visitors’ computers, allowing attackers to carry out various cyber-attacks against those visitors.

Example 1: Malvertising Causes Users to Unknowingly Download Computer Viruses

Bob is looking online for a decent offer on a new mobile phone. On a deal-sharing website, he sees an ad that says, “40% off any Samsung phone!” He becomes enthralled and clicks on the advertisement, which directs him to a legitimate-looking ecommerce site. The message “Sorry, we are out of stock” appears when the page loads.

Bob closes the tab, frustrated, and continues his quest for a decent mobile discount. What Bob doesn’t know is that he is not leaving completely empty-handed. He accidentally downloaded a deadly virus onto his computer when he clicked on the advertisement. This nefarious software easily crashes his entire system and steals all of his personal information!

Example 2: Hackers Trick Users into Downloading Trojans via Malvertising

As Alice is browsing through her social media page, she comes across a video ad for a fun computer game. She clicks on the ad to play it because she’s bored. She receives an error message claiming that the game can only be played with the most current edition of Flash Media Player. A link to the new Flash player is also included in the message. Alice clicks on the provided link and completes the installation process on her computer.

Alice has no idea that it was a trojan that was impersonating the media player. A trojan is malicious software that is disguised as a legitimate computer programme, application, or file in order to trick users into installing it. She has unknowingly installed and triggered a trojan malware that can steal all of her data, lock files, and take over the entire device.

Malvertising Leads Users to Phishing Sites

In phishing attacks, the attacker poses as a legitimate organisation or individual in order to defraud users. Phishing can take place via emails, phone calls, SMS, Wi-Fi routers, and websites, among other methods. Users are routed to phishing websites that appear to be replicas of well-known, legitimate websites. Phishing websites can trick users into downloading and installing malicious software, or steal their personal and financial information.

Example of How Malvertisements Make Users Victims of Phishing Attacks

John was reading an interesting article on the internet when he came across an advertisement for Macy’s new store credit card, which offers a 20% discount on all purchases made at their stores. John is a frequent shopper at Macy’s, so he clearly wants to take advantage of this offer. He clicks on the advertisement, goes to what he thinks is the Macy’s website, and fills out a form to get a new store credit card.

After submitting the form, John receives notice from Macy’s that his new card will be shipped to his home shortly. What John doesn’t understand is that the website to which he submitted the form was a phishing site that looked similar to Macy’s original site. And instead of Macy’s, the hackers have all of his personal information (name, email address, phone number, physical address, and current credit card information), and they will soon make him a victim of identity theft or financial fraud!

Malvertisements Spread “Drive-by” Malware

Even if website visitors don’t click anything or push the download button, some forms of malvertisements automatically download malware onto their computers. Drive-by malware is so called because it doesn’t require any user intervention and installs instantly. Malvertising is one of the many ways that drive-by malware spreads.

Inserting drive-by malware into a clean and reputable site is very difficult. As a result, the attackers rent ad space and embed drive-by malware in the advertisements.

Example of How Malvertisements Deliver Drive-by Malware

Todd is the owner of a popular travel blog that receives over a million visitors per year. Todd was taken aback when he received an angry email requesting that he “STOP SPREADING VIRUSES!” It didn’t end with one message, though. Within 24 hours, he had received over 30 angry emails from people complaining about “suspicious app downloads” when they visited his website.

“How come I spread malware when I don’t know a single line of code or anything about hacking?” he wondered anxiously. “I just use a simple WordPress platform to build my blog content.”

Todd has no idea that the guy who pays him $100 a month to post a hotel advertisement on his blog is a hacker and the true perpetrator of all this mayhem. He used advertisements to inject the drive-by malware into the blog. When a website user visits Todd’s blog, the drive-by malware is downloaded to their computer without their knowledge.

People who are complaining are the fortunate ones that have security tools that can detect malware insertion. The majority of the unlucky website visitors, on the other hand, are totally unaware of the download and have become victims of a drive-by malware attack.

Hackers Use Malvertising to Distribute Exploit Kits

An exploit kit is a tool for finding and exploiting software flaws. Software vulnerabilities are weaknesses or defects in software that hackers can exploit to inject malware into victims’ computers. Exploit kits include special code that can scan the connecting host’s system, identify vulnerabilities, and deliver payloads based on the type of vulnerability. Attackers often use malvertisements to spread exploit kits.

Example of How Malvertisements Trick Victims into Downloading Exploit Kits

Eva was watching a video on the internet when she saw an ad that said, “Is your computer getting slow? It may be the result of a virus infection! Scan your computer for FREE today!” Since she was irritated with her painfully sluggish laptop, Eva immediately clicked on that ad. The free antivirus software began scanning her laptop right away, as promised by the advertisement, and it did so without costing her a single penny!

What Eva doesn’t realise is that the protection programme is really an exploit kit that is scanning for and identifying vulnerabilities in all of the applications she has installed. The exploit kit finds numerous vulnerabilities and injects malware into her apps, browsers, and software!

7 Malvertising Protection Tips

You should have a clear understanding of what malvertising is and how harmful it can be by now. Let’s look at some simple ways to keep your computer safe from malvertising.

Malvertising Protection Tips for Website Visitors

1. Use cybersecurity tools to help identify threats: Antivirus, antimalware, and anti-spyware applications are the first line of protection against malvertising. Some tools are signature-based, while others are behaviour-based. These programmes will warn you if something downloads to your computer. They will also check all of your downloads and installations for malware and delete it from your device.

2. Manually scan your system for unauthorised programmes and files: Check your installation folder, C:\Program Files (x86), and C:\Windows\Temp manually for any unknown or suspicious applications or files. If you come across an app that you didn’t download, do some online research on the app’s manufacturer/developer. You’ll be able to verify the program’s legitimacy this way.

3. Use ad-blocking software: Adblocking software and browser extensions that effectively block advertisements are available on the market. They block all sorts of ads, whether they’re good or bad.

4. Keep your system patched: Keep all of your software modules, programmes, browsers, and operating system up to date. Older versions often include security flaws that attackers may use to infect your computers and IT systems with malware.

5. Be cautious when browsing the web: If you are redirected to a page, double-check the URL to ensure you are on the company’s official site. Conduct a separate Google search if you’re uncertain about the company’s web address or find product costs, promotions, or other facts suspicious or “too good to be true.”

You can also check the website’s and organization’s details in the SSL/TLS certificate by clicking on the padlock icon in the address bar. Of course, if the site doesn’t use one of these certificates, that should be a warning sign.

6. Only download browser plugins, media players, or updated versions of any software from their official websites (avoid downloading from third-party sites). For example, if the game you’re trying to play online says it requires the latest version of Chrome, go to google.com/chrome and download the most recent version of your browser.

If you see a popup indicating that your machine is infected with a virus, don’t click on the ad; instead, scan your computer with your trusted antivirus or anti-malware programme.

Malvertising Protection Tips for Website Owners

7. Use legitimate website scanners to continuously monitor your website and to find and remove malicious code. That way, if malware-laden advertisements have been inserted, these scanners will identify them before it’s too late.

Using a website vulnerability scanner tool like HackerProof Trust Mark is also a smart idea. It’s a site seal that also performs regular vulnerability scans and makes remediation recommendations. As a result, in addition to providing visual guarantees of security to your clients and users, it also provides you with actionable intelligence about how to enhance your site’s security.

8. Restrict the file types that can be displayed in ads: Make sure that any code, including JavaScript, is prohibited.

9. Install updates as soon as they are available: Maintain the most recent versions of all plugins, themes, and software on your website so that no one can hack in and insert malvertisements.
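One way to enforce tip 8 when advertisers submit HTML creatives, shown as an added Python example that is not part of the original article. The policy (image-only creatives, absolute HTTPS URLs), the function names and the sample creatives are assumptions made for illustration.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed site policy (not from the article): static image creatives only.
ALLOWED_IMAGE_TYPES = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
FORBIDDEN_TAGS = {"script", "iframe", "object", "embed", "applet",
                  "form", "link", "meta", "base", "style", "svg"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "poster"}

class CreativeChecker(HTMLParser):
    """Collects policy violations in an advertiser-supplied HTML creative."""
    def __init__(self):
        super().__init__()
        self.violations = []

    def handle_starttag(self, tag, attrs):
        if tag in FORBIDDEN_TAGS:
            self.violations.append(f"<{tag}> element is not allowed")
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onload, onerror, ...
                self.violations.append(f"event handler '{name}' on <{tag}>")
            elif name in URL_ATTRS:
                self._check_url(tag, name, value or "")

    def _check_url(self, tag, name, value):
        # Browsers ignore tabs, newlines and surrounding spaces in URLs;
        # normalise first so the scheme check sees what the browser would.
        url = re.sub(r"[\x00-\x20]", "", value)
        try:
            parts = urlsplit(url)
        except ValueError:
            self.violations.append(f"unparseable URL in {name} on <{tag}>")
            return
        if parts.scheme != "https":  # absolute HTTPS URLs only
            scheme = parts.scheme or "none"
            self.violations.append(f"{name} on <{tag}> uses scheme '{scheme}'")
        elif tag == "img" and name == "src":
            ext = os.path.splitext(parts.path)[1].lower() or "none"
            if ext not in ALLOWED_IMAGE_TYPES:
                self.violations.append(f"image type '{ext}' is not allowed")

def check_creative(markup):
    """Return a list of violations; an empty list means the creative passes."""
    checker = CreativeChecker()
    checker.feed(markup)
    checker.close()
    return checker.violations

# Constructed sample creatives (not taken from a real campaign)
CLEAN_CREATIVE = ('<a href="https://hotel.example.com/offer">'
                  '<img src="https://cdn.example.com/banner.png" alt="Hotel deal"></a>')
REJECTED_CREATIVE = ('<a href="javascript:void(0)" onclick="go()">'
                     '<img src="https://cdn.example.com/banner.svg"></a>'
                     '<script src="https://cdn.example.com/ad.js"></script>')
```

A check like this belongs at submission time and again whenever an advertiser updates a running ad, since the article notes that attackers often start with benign creatives.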

Malvertising vs. Adware: What’s the Difference?

While the words “malvertising” and “adware” are sometimes used interchangeably, they have distinct meanings. Adware is malware that pushes out ads that are mostly harmless (albeit annoying), whereas malvertising applies to ads that deliver malware. Adware is a form of advertising-generating software that continuously displays unwanted advertisements that lead to spammy websites. It’s worth noting, however, that these advertisements can sometimes be harmful, as they can lead to malicious websites.

Did you know that in certain cases (though not all), publishing software that includes adware is legal? This enables businesses to monitor users’ geographic locations and serve ads based on that information. This is a method for software developers to generate pay-per-click (PPC) or pay-per-view (PPV) revenue. Adware, on the other hand, becomes illegal when it crosses those boundaries, such as:

  • Displaying popup ads in windows you can’t close or exit,
  • Delivering malware,
  • Tracking your actions or behaviors, and
  • Stealing data such as users’ personal information or login credentials.

Of course, if you’re unsure if any adware you want to use is legal or not, you can speak with a lawyer who specialises in these issues. (We do not provide legal advice.)

Users only see malicious advertisements when visiting affected websites, whereas adware is installed on the user’s browser or computer. As a result, even when you aren’t visiting any websites, adware displays unwanted ads on your device’s home screen.

Because malvertisements appear on legitimate websites, anti-malware software has a hard time detecting them. Adware, which is often detected under the name of a potentially unwanted programme (PUP), is easy to identify and delete with security software.

Malvertisements, in short, are much more risky and disruptive than adware.

Wrapping Up on Malvertising

In general, we advise people to stay away from malicious websites and not to download anything that appears to be malicious. However, in malvertising, the host websites are reliable, and the ad material also tends to look harmless. As a result, even the most diligent people fall victim to such attacks, and the only way to know if you’re downloading tainted content from the internet is to use comprehensive protection tools.

It’s also a good idea to keep all of your security components up to date and use ad-blocking software. If any of your website users complain about malware, take their complaints seriously and check all of your ads. If you’re using third-party ad networks, report the problem as soon as possible.