Malvertising is a malicious form of advertising that spreads malware. Attackers inject malicious code into online adverts, and victims who click the advertisements end up infecting their systems with the malware. Attackers leverage malvertising to compromise victims’ systems, steal credentials, and take complete control of the infected systems.
According to the Wall Street Journal, investigating and removing malicious ads costs the advertising industry $1.1 billion.
How does it work?
Examples of malvertising
Example 1 - eGobbler group’s massive malvertising campaign
In February 2019, the eGobbler group targeted US users’ personal and financial information with a massive malvertising campaign. The campaign recorded over 800 million malicious ad impressions.
Upon clicking the malicious ads, victims were redirected to a wide variety of phishing sites, where they were tricked into entering personal and financial information such as names, addresses, contact information, payment card details, and more.
Example 2 - VeryMal malvertising campaign
In January 2019, researchers observed a malvertising campaign dubbed ‘VeryMal’ that targeted Mac users with the Shlayer trojan. The campaign was conducted between January 11, 2019 and January 13, 2019. Researchers noted that the campaign was capable of infecting over 5 million Mac users per day.
How to stay protected?