Malvertising: What You Need To Know To Prevent It


Ads can be annoying, and they can also be dangerous to your cybersecurity. By simply visiting your favorite daily news website, you can become a victim.

Malvertising is a type of cyberattack when fraudsters insert malicious code into advertisements to inject malware onto a user's device. By viewing or clicking an ad, you risk losing control of your device and data, as well as experiencing reduced performance from your desktop or mobile device.

Read on to learn more about the different types of malvertising, their examples, and most importantly, ways to protect yourself against it.


How does malvertising work?

Malicious advertising can occur in different ways, but its main purpose is to inject an ad with malicious code, so that website visitors who click on an ad are redirected to malicious websites or infect their devices with malware.

To create ads, scammers hide lines of malicious code in JavaScript that are prone to vulnerabilities.


When we talk about malvertising, we could divide it into two parts:

Pre-click

Post-click


Malicious pre-click advertising


With pre-click malware, you can be redirected to a malicious site or become the victim of an unintentional download attack that refers to unintentional malware downloading to your device when you view an advertisement on a website.

Pre-click malvertising is dangerous, as it isn't much it can do. Malicious ads can appear on widely known and trusted websites, such as The New York Times or The Atlantic, that were previously involved in this type of fraud.


Malicious post-click advertising


As the name suggests, post-click advertising requires you to click an ad to initiate a malware download on your device or a redirect to a malicious website. Although there is an additional step you need to take, post-click malware is just as dangerous as pre-click advertising. In this case, scammers can take control of your device and inject it with different types of malware, for example, spyware and adware, or use it for malicious purposes, for example, cryptojacking.

With spyware, scammers can take over your device's camera and microphone, as well as track sensitive information you enter while browsing. After having access to your data, cybercriminals use it to steal your identity.


Another type of malware that scammers use is adware. By installing ad display software on your device, scammers make money from every ad you see. Since they commit the same cybercrime many times, they tend to benefit financially. While at first glance this type of adware is not as dangerous as spyware, it is still considered a cybercrime.


Cryptojacking, also known as malicious crypto mining, occurs when scammers install encryption mining software through malicious advertising on your computer. After that, cybercriminals start mining cryptocurrencies using the processing power of your device, which slows it down. Most of the time, victims do not realize that malicious software has installed on their device.


Most famous examples of malvertising worldwide


To see that malvertising isn't something only suspicious websites are prone to, let's look at some of its most famous cases.


Yahoo case


In 2015, Yahoo users suffered from one of the first known malvertising attacks. The scammers managed to get the space for malicious ads on the website by trying to install malware on users' devices.

Cybercriminals took advantage of the Adobe Flash vulnerability to install a combination of ransomware and ad fraud.


Yahoo was informed about the fraud by an anti-malware software company Malwarebytes and removed the malicious ads.


Spotify case


Spotify was also involved in the malvertising scandal in 2016, as some advertisements in the app were infected with malicious code.

Once some of the Spotify users clicked on the ads, they were redirected to suspicious pop-ups.

Other users experienced malware installation attempts.

The music streaming platform was informed about the fraud by its users and soon after it resolved the issue.


The New York Times and BBC


In 2016, major news websites, including The New York Times and the BBC, were targeted by a malvertising attack.

After clicking on the ads, users were redirected to malware pages that included the Angler exploit kit, which was intended to force the installation of crypto locker-style software. With this type of malware, the hard drive is encrypted and users must pay in bitcoins for scammers to unlock it.

This attack lasted around 24 hours.


COVID-19


Finally, it is important to note that malicious advertising has been on the decline in recent years, yet it returned as strongly as ever in 2020. And as in many cases this year, Covid-19 is to blame.

With the news of Covid-19 occupying the media this year, scammers took this opportunity to inject ads apparently related to Covid-19 with malicious code, so that concerned readers would be sent to malicious websites or install malware on their websites. computers.


How to prevent malicious advertising


Given that online giants, such as The New York Times or Spotify, have suffered from malicious ads, it is clear that the measures taken by scammers are improving by the day. However, there are some steps you can take to increase the likelihood of staying safe while browsing.


Use and update your antivirus software


Using a high-quality antivirus program is one of the first steps you should take when working on your cybersecurity. Keeping it up-to-date is the second, especially when it comes to preventing malvertising.

When trying to avoid malicious advertising, make sure you are not being fooled by rogue security applications. While they claim to protect you, they may be spying on you; Only use trusted vendors for your cybersecurity.


Consider using ad blockers


While relying solely on ad blockers isn't enough, it's a great starting point. This online tool blocks pop-ups and banner ads, making you less likely to suffer from malicious ads.

However, what you should be aware of is that scammers have already found solutions against ad blockers. Therefore, using them with other tools (such as antivirus programs) is the only way to go.


What's more, you should judge ad blockers with a grain of salt. While using it will prevent you from seeing advertisements that may be infected with malicious code, it hurts the advertising industry in general.

By installing an ad blocker in our browsers, we cut the revenue from the sites. While some publishers may not feel the dire consequences, others will suffer greatly. Alternatively, you can opt for ad filters, such as uBlock Origin or Ghostery.


Update your browser and uninstall its plugins


Keeping your browser up to date is vital as it is vulnerable to unauthorized download attacks. The sooner you take care of all those necessary updates, the better.

When it comes to browser plugins, you must uninstall Flash and Java completely. The latter is no longer supported and the former is scheduled to end its life at the end of 2020. Therefore, to avoid security vulnerabilities in your browser, please uninstall these add-ons as soon as possible.


Conclusion


Malicious advertising is difficult to detect and ugly to deal with. However, taking a few steps ahead of time can work as prevention and reduce the harm you may encounter by becoming a victim.

As we prepare to face the second wave of Covid-19, we can be sure that malicious advertisers are not wasting their time either. Just like they did in the spring of 2020, they will return with malicious tactics that we must be prepared for.

Comments

Post a Comment

Popular posts from this blog

Be Careful With Postal And Parcel Applications

Image
As we order more online, attack vectors for hackers become more obvious Cybercriminals know how to capitalize on changes in society, and the resurgence of a long-feared strain of mobile malware shows that hackers are adapting to the way we all shop. FakeSpy, an Android-based mobile malware strain that first emerged in October 2017, has made a comeback in recent months. When it first rose to prominence in 2017, FakeSpy initially targeted users in South Korea and Japan. But the new use is going global, according to cybersecurity researchers Cybereason Nocturnus: It has been seen in China, Taiwan, France, Switzerland, Germany, the United Kingdom, and the United States. The malware hides in applications that claim to be those endorsed by postal services and courier companies operating in those countries, requesting permission to access SMS messages and other data, including contact lists. Hitting people where it hurts The attack vector is logical, given the strange times we live in. Blocka
Read more

HOW TO INCREASE THE FOLLOWERS IN INSTAGRAM USING MOBILEPHONE

Image
                                 INTRO: The most popular method to increase followers in insta is"inshackle"there are certain steps to be followed for using this tool step 1: install "Termux" app in your mobile phone.  step2: Open the app and type  "pkg update"and type enter. step3: After updated type "pkg install git"and type enter  to install the github. step4: After the github is installed type " git clone https://github.com/cyberkallan/inshackle-  bot"and type enter. step5: After completion type "       cd inshackle-bot" and type enter. step6: Finally type " bash inshackle.sh" and type enter. step7: After it loaded type "02" and type enter to activate the mode of increasing followers. step8: Then type the "user name" and "Password" as per it ask and press enter. u can see lively that your followers are increasing. This is the efficient and popular way to increase followers using you
Read more