What is Malvertising? Preventing Advert Malware
Blog / What is Malvertising? Preventing Advert Malware
4 MIN READ
How Hackers Can Steal Your Data Using Adverts – Malvertising Explained
Adverts have become a common part of the modern web experience. Every site, every video, every search you are shown some kind of advert. Malvertising describes how hackers use this to their advantage by showing victims adverts laced with malware.
These ‘malvertisements’ are tricky, as they are often shown in places where ads would normally appear. Hackers use this to their advantage, showing malvertisements to as many people as possible. Once exposed to a malvertising attack, your computers, network, and data is at risk.
How Does Malvertising Work?
To know why malvertising can be so effective, you have to know how advertising generally works on the internet. Websites offer up portions of their space to advertising companies. Businesses who want to advertise their product pay these advertising companies to show their ads on these websites.
Malvertising works when the adverts aren’t vetted properly before they are shown on a website. Hackers can pay these advertising companies to display their malvertisements on websites. In most cases, websites don’t even know they are hosting these malicious adverts.
When a victim visits a website hosting malvertisements, they are immediately put at risk. When your computer displays an advert, it has to communicate with multiple servers. For example, your computer needs to be sent information from the website, the advert company, and the server that hosts the advert. Through malvertisements, hackers can hijack these communication channels. These passive malvertisements can be used to redirect you to a scam website or inject your browser with malicious code.
Some malvertising relies on the user interacting with the ads. These active malvertisements are scam ads that try to get the victim to click on the ad. They will usually offer something too good to be true in the hopes that many people will click through. Clicking on these ads directs the victim to phishing sites or malware download links.
Malvertisements to Look Out For
As mentioned, malvertisements come in two forms – active, and passive. Passive malvertisements do their work as soon as the victim sees the ad. The active form requires some kind of interaction from the victim’s side. Knowing the tell-tale signs of these malvertisements can help you stay protected. Here are some examples:
Giveaway Scams
Most people have seen this type of scam before. An advert will be displayed on a site offering something for free – usually a giveaway or a prize. This is usually a form of active malvertisement, as they are trying to tempt the victim into clicking on the advert. Clicking on this link usually redirects the victim to a site trying to steal data, and in some cases may inject code into their web browser.
Monetary Scams
This is another form of active malvertisement. Like the giveaway scams, these ads offer something too good to be true. Usually, this is some kind of survey or ‘side hustle’ scheme that advertises quick cash. Clicking on these ads can lead to stolen information, especially if you enter information into the surveys they provide.
Steganography
This is one of the more prolific forms of passive malvertisement. Hackers can edit the code of images that are displayed as adverts. These edited images can then inject malicious scripts into the victim’s browser when they view the ad. We have a guide to understanding stegomalware – maliciously edited images – here.
Scareware
Scareware ads claim that your device has been infected or is in danger. Clicking on scareware ads sends the victim through to a scam website offering a solution to the problem. This download will likely be some form of grayware used to harvest data from the victim’s computer.
How to Prevent Malvertising
- Keep browsers up to date. Most modern browsers have security features in place that help protect you against malicious ads. Make sure any web browsing software is up to date. Outdated web browsers likely have security flaws that allow hackers to exploit them.
- Consider an adblocker. By blocking adverts, you are less likely to see malvertisements. Adblockers are tricky, however. Since adblockers are usually free, some of them can turn out to be malicious. Some modern browsers have adblocking baked into them. Consider using a trusted browser that includes an adblocker as they have fewer risks than adblockers downloaded from the internet.
- Learn what malvertisements look like. Malvertisements usually have a distinct look. They may look unprofessional and include spelling and grammar mistakes. Malvertisements almost always offer something outlandish to bait your click. If an advert is offering something too good to be true, it is likely a scam.
- Avoid clicking on ads in general. Ads are designed to be tempting to click. If you see an ad that piques your interest, it is worth looking up the ad online. If the advertising is legitimate, you will likely find their website on a search engine. This bypasses the risk of an advert being malicious.
- Avoid downloading software from ads you click on. Often, malvertisements want you to download something. If you click on an ad and it asks you to download something, there is a good chance it is a scam.
- Use an antivirus. Antivirus software is a good fallback measure. If you happen to download any potentially unwanted program (PUP) or malware from a malicious ad, an antivirus can help you remove it. Most antiviruses will also prevent your computer from downloading the malware in the first place.
Securiwiser Can Help
If you are concerned about your business’s cybersecurity, Securiwiser is here to help. Improving your network’s cybersecurity will make it much harder for hackers to steal data if you happen to fall victim to a malvertising attack. Securiwiser’s goal is to provide you with all the knowledge you need to protect your business.
Securiwiser evaluates your network’s cybersecurity and tells you what needs to be improved. We offer real-time security monitoring meaning you are always in the know. Learn how to protect yourself against cyberattacks today by clicking here for a free evaluation.
Previous Article
How to Identify a Spoofing Attack?Next Article
What is Cybersecurity?How secure is
your school?
Blog categories
How secure is
your school?