All You Need To Know About Malvertising And Ways To Stay Protected Against It

• Attackers inject malicious code into online legitimate adverts and victims clicking on the malicious advertisements end up infecting their systems with malware.
• In the case of ‘Pre-click malvertising attacks’, or ‘drive-by downloads’, user action is not at all required. Pop up ads that contain malicious content drops the malicious payload directly into the users’ systems.

What is Malvertising?

Malvertising is a malicious form of advertising that spreads malware. Attackers inject malicious code into online legitimate adverts and victims clicking on the advertisements end up infecting their systems with the malware. Attackers leverage malvertising to compromise victims’ systems, steal credentials, as well as take complete control of the infected systems.

Numbers that matter

• According to the Wall Street Journal, malvertising costs the advertising industry $1.1 billion to investigate and remove the malicious ads.
• Meanwhile, ad verification company GeoEdge reported that malvertising attacks cost $1.13 billion per year.

How does malvertising work?

• Attackers inject malicious code into legitimate-looking adverts such as giveaways or gift card offers and run the ads in trusted third-party websites tricking users into opening the ad.
• Attackers could also inject malware into legitimate online advertising networks.
• Upon opening the malicious ad, users are redirected to a phishing page where they are asked for their personal and financial information.
• In other instances, upon clicking the malicious ad, malware gets downloaded into the system. Once the malware gets executed, it compromises the infected system.
• In the case of ‘Pre-click malvertising attacks’, or ‘drive-by downloads’, user action is not at all required. Pop up ads that contain malicious content drops the malicious payload directly into the users’ systems.

Some prominent malvertising attacks

Publishers targeted in GhostCat malvertising campaign

In October 2019, researchers spotted a new malvertising campaign that waged 13 attacks against hundreds of well-known publishers with the GhostCat-3PC malware. The malware initiated a fraudulent pop-up after scanning the users against a list of targeted domains. Once users clicked the malicious pop-up, the malicious content gets dropped into their systems.

eGobbler’s malvertising campaign

In February 2019, eGobbler group targeted US users’ personal and financial information with a massive malvertising campaign. The malvertising campaign recorded over 800 million malicious ad impressions. Upon clicking the malicious ads, the victims were redirected to a wide variety of phishing sites where they were tricked into entering their personal as well as financial information such as names, addresses, contact information, and payment card details.

How to stay protected?

• Researchers recommend using the “click to play” option on your browsers that turns off automatic downloading and execution of plug-ins.
• It is always best to install ad blockers in order to stay protected from such attacks.
• Experts recommend staying away from clicking on ads, even if it is from a legitimate website.
• Users are always recommended to update all their systems and browsers. It is also best to update the plugins.
• Organizations are advised to educate their employees about malvertising and how to identify malicious ads.