Malvertising: How to avoid falling for these malware-infested ads
Malvertising might sound like something out of a bad sci-fi novel, but in our modern digital age, online advertising is almost everywhere and malware is almost as ubiquitous. Whether you’re on social media, streaming, or reading the news, chances are you’ll come across digital advertising as you do so.
We warned you adware, but malvertising is another variant of infected ads. However, if you keep reading, we’ll show you what malvertising is and how to avoid it.
What is malvertising?
Malvertising involves using advertising to spread malware between devices. We are no strangers to digital advertising these days, and cyber criminals know it. So, using ads to distribute malicious programs makes it easier to trick the victim and the device they are using.
Malvertising is a relatively new player in the cybercrime game, having only been around for about fifteen years. But the dangers of this cybercrime tactic are obvious.
Well-crafted malvertisements can look like any other benign advertisement you might see online, be it a banner ad, a pop-up, or anything else. This means they can be difficult to spot. Those who create and distribute such content are referred to as “malvertisers”.
A malvertiser often submits their malvertisements to a third party who can view their content for them. The third party will probably have no idea that they are dealing with something harmful. But in reality, this malvertisement is then shared to everyone who comes across the third-party website and puts them at risk.
Alternatively, a malvertiser could compromise a third-party server to install malicious code in its advertisements.
The cornerstone of malvertising is the use of exploit kits or exploit packs. These are used by cyber criminals to exploit vulnerabilities on a target’s device. In short, they make it easier for an attacker to access and exploit systems.
Exploit kits are especially useful for those who don’t have a lot of technical knowledge. Contrary to popular belief, not all cyber criminals are tech-savvy, which has opened a loophole in the dark market. An exploit kit can greatly simplify the process of hacking into a device for the attacker.
The exploit process begins with a target page that contains code that can scan a target’s device for existing security vulnerabilities. If there is a vulnerability that can then be exploited, the attacker who purchased the exploit kit will be notified.
Exploit kits often use vulnerabilities in browser extensions such as Java and Flash to attack a system. If the exploit is successful, the kit can launch the malicious payload on the victim’s device, giving control to the attacker.
There are a number of notable malvertisement campaigns that have taken place in the past or are taking place. Take RoughTed for example. This massive malvertising campaign peaked in 2017 when it was first discovered. The operators of RoughTed managed to use a number of different techniques to successfully distribute malware.
One of the most worrisome things about malvertisements is that you don’t need to interact with them intensively for their malware to spread to your device. One click on the malvertisement is enough and the malware can be installed.
A number of different types of malware can be installed on a device via malvertising, including spyware, ransomwareand viruses.
So what can you do to avoid malvertisements and protect your devices?
How to avoid malvertising
Since it only takes one click to become a victim of malvertising, it’s important that you know how to avoid it.
Because malvertising uses exploit kits that scan for vulnerabilities, it’s important that you ensure your devices are protected as best as possible. This includes the use of best antivirus softwareFirewalls and removing software you no longer use.
It’s also important to keep your apps and operating system updated regularly. Updates can contain fixes for bugs and vulnerabilities that attackers can exploit. Keeping your programs and device up-to-date can help protect against malvertising.
Using some sort of ad blocker can also be useful as it will help you avoid ads in general and therefore reduce the chances of interacting with a malvertisement.
In addition, you should limit the use of extensions like Flash and Java and make sure they are only active when you use them. You can do this by enabling your browser’s click-to-play feature, which prevents such programs from running unless you want them to.
For example, Google Chrome has a click-to-play feature that works with all extensions. So consider using this feature to avoid malvertising.
Malvertising is common but can be avoided
Today, the risk of encountering malvertising should worry us all. But by taking the right security measures and staying vigilant online, you can reduce your chances of being hit by malvertising, which can help keep your device and data safe.