Malvertising is a unique kind of online threat where malware is spread to users' devices through ads. In other words, advertisements act as carriers, transmitting harmful links via websites that users typically trust and regard as reputable. Malvertising Attack Methods and Effects Malvertising attacks are effective because they trick users into willingly clicking harmful links. Attackers study and infiltrate search focus groups that align with users' interests. As a result, users, driven by their passions and interests, end up downloading harmful content, unaware of the lurking threat. Attackers bypass the user's defense mechanisms because there are no immediate warning signs of danger from the website or search engine. In addition, the download of the malicious code does not happen right away. It is during the second stage, when the individual has psychologically let their guard down, that the harmful download occurs. Hackers often employ scripts and macros to carry out malvertising attacks. In particular, the attackers used to hone their techniques using Microsoft Word macros. Originally designed to boost productivity, macros have been manipulated by cybercriminals to serve their malicious purposes. As a result of this misuse, Microsoft decided to cease developing and promoting this potent functionality. However, getting rid of similar scripting mechanisms on the Internet turned out to be impossible. The inability to completely eliminate such scripts is a primary reason for the increasing commonality of malvertising attacks in recent times. Let's look at the example of a cyberattack. Attackers that mimic legitimate sites, offering downloads for popular applications. Currently, some of the most frequently targeted applications in search queries prone to malvertising attacks include TeamViewer, Tor Browser, Thunderbird, AnyDesk, Notepad++, etc. create phishing web pages The infection process starts as soon as the user downloads and installs the software from a fraudulent site. For example, alongside the legitimate version of Python, a Trojan-infected version is also installed on the operating system. This Trojan then establishes a , a favored tool among hackers. Using Cobalt Strike, attackers can gather information about the installed operating system, copy user data, and search for files, directories, and services that have poorly configured access controls, making them vulnerable to exploitation. connection with Cobalt Strike Using PsExec, , and BitsAdmin, attackers download additional tools. They can also escalate privileges within the system to execute their harmful code. There have been instances where the system's antivirus programs were either disabled or circumvented using specialized scripts, further facilitating the attackers' objectives. cURL Beyond attacks involving software downloads, malvertisers are also targeting various lucrative sectors of the online industry, such as entertainment and finance. They entice users to phishing sites where unsuspecting individuals believe they are investing their money into legitimate businesses. However, in reality, they are unwittingly handing over their funds directly to the hackers. Advertisements and the Malware Detection Challenge To place an advertisement in search results, you simply need to pay a fee and go through a preliminary verification process. The ease of implementing this procedure is well known. For example, in November 2022, it came to light that for the popular graphics editor GIMP in Google search results. Users would encounter these ads when they were searching for alternatives to Photoshop. The malicious ad initially included a link to the legitimate gimp.org website, but due to some internal manipulations, it redirected users not to the official site but to a fake one that was infected with a Trojan. cybercriminals were able to display online ads In response to this and other attacks, to the public. They emphasized the importance of using specialized software . In their guidelines, the FBI advised users not to click on links directly but instead to copy and paste them into the address bar to verify their destinations first. While it is difficult to assess the effectiveness of this protection method, it does offer a way to mitigate risks. the FBI issued recommendations called ad blockers It has been observed that there are persistent challenges in detecting malvertising code using antivirus tools. This issue is mainly attributed to the fact that, as reported by WatchGuard, a significant . According to the Threat Lab, the majority of malware operates covertly behind the protective cloak of SSL/TLS encryption, which is commonly used to establish secure connections to Internet resources. For this reason, the frequency of covert infiltration of malicious code is constantly growing. 93% of malware is currently concealed within encryption In 2020, a significant incident occurred where malicious links spread through . The malicious ads received hundreds of millions of views. Notably, the primary targets of these attacks were users of iOS and Android mobile devices. This highlighted the shift of malvertising attacks towards mobile platforms, catching many off guard. This is because mobile systems are protected in their own specific ways, and ads are typically enabled in most apps. over 120 compromised ad servers Evasion Techniques in Malvertising Attacks Clearly, when conducting malvertising attacks aimed at a specific group of victims, there must be a specific method for choosing these targets. Such a mechanism does indeed exist and is actively employed. Attackers employ a variety of tactics to evade detection for as long as possible. When selecting a method for delivering online advertising, they often use a camouflage approach. This involves tailoring content to match the user's interests, preferences, and location. In essence, you need a specific trigger that can effectively engage the right type of user while concealing the presence of malicious code during checks. To achieve this, various parameters provided by web browsers are utilized, including location data (such as country and city), the browser type (e.g., Chrome, Firefox, or search robots), IP address (whether it is private, corporate, or VPN), and the current time of day (whether it is working hours or the weekend). If any of these parameters do not align with the attack's objectives, the script displays a harmless page that does not raise suspicions and may even redirect to official websites. To evade detection by antivirus tools, attackers occasionally exploit limitations within software products. For example, many antivirus programs often postpone scanning large files, typically those exceeding 100 MB. Defending Against Malvertising With Ad Blocker Clearly, the most effective defense against malvertising attacks would be for the search networks to take action. However, Google and many websites rely heavily on revenue generated from ads. The owners of Internet resources are not inclined to combat malvertising even if it risks damaging their reputation. They often attempt to shift the blame onto ad networks. End users have the option to employ ad blockers on their devices. However, this approach also presents several challenges. Ad elements are often deeply intertwined with the page code, causing the site to function incorrectly when ads are removed. Furthermore, some website owners intentionally block users with ad blockers to safeguard their revenue. Securing Organizations from Malvertising Dangers The growing number of incidents prompted the US Federal Cybersecurity and Infrastructure Security Agency (CISA) to . However, CISA also warned that ad blockers would not serve as a complete solution to thwart malicious advertising. One of the reasons here is that some , ensuring that their ads will not be blocked. recommend that all government agencies implement ad blockers ad blockers accept payments from advertisers There is a proposal for both private and government organizations to adhere to industry security standards when using web browsers. The variety of web browsers and their different versions in use provides attackers with numerous avenues for exploitation. Another suggestion is to installed within institutions from the primary operating environment and operate them within sandboxes. Additionally, there is a recommendation to extensively leverage domain name system (DNS) technologies. isolate the web browsers Web content filtering can also be deployed to prevent malware from entering through online advertising and to neutralize data collection threats. To block undesirable traffic at Internet access points, some tools employ artificial intelligence to detect and identify threats. Protection Tips for Individual Users While ad blockers are good, to further strengthen your personal cybersecurity and protect against malvertising, it is crucial to employ additional methods. Here are some examples: Be cautious when clicking on any ads, especially on unfamiliar websites. Stick to trusted and reputable websites for your online activities. Learn to recognize common signs of malvertising, such as overly aggressive or suspicious ads, unexpected pop-ups, and requests for personal information. to encrypt your traffic and add an extra layer of security when browsing. Use a VPN Use reliable antivirus and anti-malware software, and regularly scan your computer for potential threats. Review and , such as access to your location, camera, or microphone, to minimize potential risks. restrict the permissions of browser extensions Consider disabling Java in your browser. Conclusion Malvertising methods are widely used to install malware. These attacks also extend to online platforms involving financial transactions, including retail, financial services, and the entertainment industry. Google Ads stands out as a prominent conduit for malicious advertising. Being aware of malvertising threats can diminish their impact, yet to ensure adequate protection, a combination of technical measures is essential.

This story contains new, firsthand information uncovered by the writer.

Read My Stories

Too Long; Didn't Read

Making security fun one episode at a time

Ad-ditional Hazards: The Deceptive World of Malvertising and How to Stay Safe

Too Long; Didn't Read

Alex Vakulov

STORY’S CREDIBILITY

Original Reporting

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Ad-ditional Hazards: The Deceptive World of Malvertising and How to Stay Safe

Too Long; Didn't Read

Alex Vakulov

STORY’S CREDIBILITY

Original Reporting

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES