Malvertising: What is it and how to stay protected from it?

• Attackers inject malicious code into online adverts and victims clicking the advertisements end up infecting their systems with the malware.
• According to the Wall Street Journal, malvertising costs the advertising industry $1.1 billion to investigate and remove the malicious ads.

Malvertising is a malicious form of advertising that spreads malware. Attackers inject malicious code into online adverts and victims clicking the advertisements end up infecting their systems with the malware. Attackers leverage malvertising to compromise victims’ systems, steal credentials, as well as take complete control of the infected systems.

According to the Wall Street Journal, malvertising costs the advertising industry $1.1 billion to investigate and remove the malicious ads.

How does it work?

• Attackers inject malicious code into legitimate looking adverts and run the ads in trusted third-party websites luring users into opening the ad.
• Attackers could also inject malware into online advertising networks.
• Upon opening the malicious ad, users are redirected to a phishing page where users are asked for their personal and financial information.
• In other instances, upon clicking the malicious ad, malware gets downloaded into the system.
• Once the malware gets executed, it compromises the infected system.
• In some cases, user action is not at all required. Pop-up ads that contain malicious content drops the malicious payload directly into the users’ system.

Examples of malvertising

Example 1 - eGobbler group’s massive malvertising campaign

In February 2019, eGobbler group targeted US users’ personal and financial information with a massive malvertising campaign. The malvertising campaign recorded over 800 million malicious ad impressions.

Upon clicking the malicious ads, the victims were redirected to a wide variety of phishing sites where they were tricked into entering their personal as well as financial information such as names, addresses, contact information, payment card details, and more.

Example 2 - VeryMal malvertising campaign

In January 2019, researchers observed a malvertising campaign dubbed ‘VeryMal’ that targeted Mac users with Shlayer trojan. The campaign was conducted between January 11, 2019 and January 13, 2019. Researchers noted that the campaign is capable of infecting over 5 million Mac users per day.

How to stay protected?

• It is best to install ad blockers in order to stay protected from such attacks.
• Experts recommend staying away from clicking on ads, even if it is from legitimate website.
• Users are always recommended to update all their systems and browsers. It is also best to update the plugins.