Malvertising. commonly referred to as malicious advertising, is a new cyberattack technique that involves injecting malicious codes into digital ads. This kind of attack is difficult for publishers and internet users to detect because the infected ads are sent to customers via genuine advertising networks.
The ads are also displayed on every page of a website putting the viewers at risk of infection. Cybercriminals spread malware through commands, scripts, software, and codes.
How does malvertising work?
The malicious advertisements spread malware through networks and legitimate websites. Malvertising becomes tricky because users cannot distinguish between genuine ads and fake ones. Users often assume that they can trust any ad displayed on a genuine website.
The malware can get into your device and crash your entire system. It can also monitor your actions and get hold of your sensitive information, such as phone numbers, addresses, usernames, and passwords. Some malware is known to steal or encrypt data through a ransom attack or engage in more harmful activities.
Implementing browser isolation technology could keep your browsing activities secure and prevent web codes from running on your devices. The unique browser isolation key features help to prevent cyberattacks, including malware, from impacting your internal networks and other devices.
Video stuffing is a cyberattack where an attacker runs video ads or displays creatives that look legitimate. They load several video ad tags to create a specific impression on the background while making those impressions invisible to the users. The bad video actor intends to sell video ad impressions to users looking to advertise their products or services.
The actor intentionally misuses the purchase of a video ad slot by pretending to be showing many videos. You will initially be unaffected by the ad until it starts to slow down your web page. It may appear like you are using an outdated device or one that is incompatible with your existing software. Attempting to load multiple videos at the same time can significantly affect the page load speed, causing the site to error out.
Focus stealer attack
Another popular form of malvertising is focus stealer. This attack uses a trick to change the browser “focus” and trigger an action from the end users. When filling out a document or form on a website, you are supposed to click on a field to input your details.
When you finish keying in the details, your browser will release a “focus” from the digital form allowing the website to trigger events based on the change of focus. The browser should eventually validate the form field- this includes checking for any details you may have omitted. The attackers take advantage of the fact that you are looking for any alerts about any missing fields.
Focus stealer works as follows:
- An attacker creates a text field on a webpage you cannot see.
- The attacker will provide a field “focus” in your browser
- If you tap or click anywhere outside the invisible field, this will appear as a change of focus
- A hacker will trigger the attack by redirecting your move to the web page.
Just like many other malvertising attacks, it is difficult to tell whether you are doing anything at all. Safe frames within Google Chrome can help to protect against focus stealer attacks, but you need to combine them with other security procedures.
This attack uses a display banner ad to display a video that does not match the details of the ad. Just like video stuffing, the in-banner video is about capturing deceitful ad views and collecting money from unsuspecting advertisers for non-existent video views. The attack may be frustrating to service providers who don’t want videos to be displayed in a banner slot.
The attack becomes more serious when used as a technique to sneak in the types of ads that a user may not want to be displayed.
For example, if you don’t permit political ads, this approach would make it appear like you are displaying a non-political ad.
Redirect-Style attacks are prevalent and exhibit different techniques to result in a common goal as other attacks. The ultimate goal of this attack is to redirect you to a malware page. They will collect your personal information and use it for malicious purposes.
Redirect-Style attacks may use a similar approach to video stuffing by collecting money from buyers for non-existent ad impressions. Ultimately, these attacks become profitable, making them very common among publisher websites.
Popup ads are tiny windows that quickly open up whenever you are browsing a web page. Cybercriminals use these ads for malvertising to defraud unsuspecting users. The most popular forms of popup ads include the free virus removal tools’ popups and Fake virus infection.
Sometimes cyber criminals may display popups for polls, surveys and coupon deals, or free products for a limited period. The popup can create an impression that you are the lucky winner of a gift card, but this is simply a malvertisement.
A clickjacking attack develops a transparent and clickable overlay written in the form of code that is typically invisible to the end user. After clicking on that code or tapping it on your mobile, you become a victim of the attack.
An ad creative may load in an ad unit space, but the hackers are taking advantage of clicks across the page area. The goal is to force the user away from the website. This may appear like an auto-direct because it is not easy to tell whether you have clicked on anything.
A typical example of clickjacking is when links are hidden under a media to trigger an action, such as ordering goods on Amazon. You must meet some conditions for the attack to be successful, such as being active on social media accounts.
Cybercriminals use different techniques to direct malicious ads onto websites. The above forms of malvertising may change with time because attackers are always looking for new ways to defraud users. Understanding malvertising attacks will help you to know who the attackers are and design effective strategies to safeguard your devices and the network.