Online advertisements are often disruptive and interrupt users' browsing experiences. However, they are a primary source of funding for the free websites people use daily. Taking advantage of the widespread presence of online ads, hackers can easily spread malware or carry out security breaches, such as stealing personal information or attacking users' server systems through fraudulent ads. These ads are known as malvertising: they are deceptively disguised so that they are difficult to recognize, which increases the likelihood of users falling victim to cyberattacks. Let’s explore malvertising in more detail and learn effective ways to prevent these attacks in the article below.
What is malvertising?
Malvertising, or malicious advertising, is a form of cyber attack that exploits online ads to illegally distribute and install malware on users’ computers. These deceptive ads are designed to lure users into clicking on them or unknowingly loading them in their browsers. Once activated, malvertising can silently install malicious software, collect personal data, or lead to more severe cyber threats such as spyware infiltration or data theft.
Additionally, malvertising often employs social engineering tactics, using persuasive language and eye-catching visuals to create a sense of urgency or fear, prompting users to act without verifying the legitimacy of the linked website. These attacks are becoming increasingly sophisticated as cybercriminals leverage artificial intelligence (AI) and trusted platforms like Facebook and other social media networks to distribute harmful content. This allows them to reach a broader audience and makes it harder for users to distinguish between legitimate and malicious ads. Threat actors behind malvertising often pose as reputable advertisers by infiltrating legitimate ad accounts through phishing, token theft, or information-stealing malware. This lets them bypass conventional security measures, conceal their identities, and avoid detection.
How does malvertising work?
Malvertising can spread malware to a user’s device even if they don’t click on the ad, making it particularly dangerous as there may be no visible signs of deception. The distribution of malware through malicious ads generally falls into two categories:
- Pre-click malvertising: This is the more dangerous form of attack, as users don’t need to take any action for their devices to be infected. Once the ad loads in the browser, the embedded malicious code can automatically execute and spread malware to the device. This type of attack is especially difficult to detect and prevent.
- Post-click malvertising: In this case, users are tricked into clicking on an enticing ad, which then redirects them to malicious websites. These sites deploy malware onto the user’s system or steal personal data through phishing tactics. This method often preys on psychological triggers, using irresistible offers or deceptive promotions to lure victims into clicking.
Malvertising can introduce adware or inject malicious code that alters router settings within the system. Once activated, it enables cybercriminals to install additional malware on the infected device, including ransomware, botnets, and financial data-stealing programs. These threats can compromise sensitive information, putting users at risk of identity theft and financial fraud.
Three common types of malvertising attacks
1. Scam malvertising
Attackers display deceptive ads with messages like, "Your computer is infected with a virus! Call us now for immediate support!" When victims call, scammers persuade them to install software that grants remote access to their computers. Once inside, they overwhelm the victim with misleading information, making them believe the issue is too complex to fix on their own. Eventually, the attackers demand payment to "resolve" a non-existent threat.
2. Fake installer malvertising
This method delivers malware directly to victims by impersonating legitimate software providers. Attackers distribute modified versions of popular software containing malicious code designed to steal information or gain unauthorized access. For example, QuickBooks is commonly used as bait—malicious ads are promoted alongside legitimate QuickBooks links, leading victims to a fake QuickBooks website where they download an infected installer. Fake browser extensions work similarly, tricking users into installing them to steal sensitive data such as browsing history, passwords, and credit card details.
3. Drive-by-download malvertising
This form of malvertising doesn’t require user interaction—simply loading the ad in a browser is enough to install a web extension or download malware. Cybercriminals exploit unpatched browser vulnerabilities, relying on users who fail to keep their software updated. As a result, regularly updating your browser is crucial to protecting your system from newly discovered security flaws.
How to prevent malvertising attacks
To protect yourself from malvertising, follow these essential security measures:
- Keep your software updated: Regularly update your browser, operating system, and security software to patch vulnerabilities that malvertising often exploits.
- Avoid clicking on suspicious ads: Do not click on ads that urge immediate action, promise large rewards, or display unusual warnings about your device.
- Verify URLs carefully: Before clicking on an ad, double-check the URL to ensure it belongs to an official and trustworthy website.
- Use security software: Implement robust security solutions, including firewalls and antivirus programs, to detect and block malicious code.
- Enable two-factor authentication (2FA): Strengthen your account security with 2FA using a hardware security key like YubiKey, which provides phishing-resistant protection and ensures maximum user safety.
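An added example, not part of the original article: the "verify URLs carefully" advice turned into a check on where an ad's landing URL really points, using the fake QuickBooks installer case described above. The function names, the `intuit.com` allowlist entry, and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: classify where an ad's landing URL really points.
// OFFICIAL maps a brand keyword to the vendor domains we trust (assumed values).
const OFFICIAL = { quickbooks: ["intuit.com"] };

// True when host is the domain itself or a subdomain of it.
function underDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns { verdict, reasons } for one ad destination and the brand it claims.
function checkAdDestination(rawUrl, brand, official = OFFICIAL) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { verdict: "invalid", reasons: ["not a parseable URL"] };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  // "https://trusted.example@other.example/" is served by other.example.
  if (url.username || url.password) reasons.push("userinfo before the real host");
  // Punycode labels can render as look-alike characters in the address bar.
  if (host.split(".").some((l) => l.startsWith("xn--"))) reasons.push("punycode label");
  const trusted = (official[brand] || []).some((d) => underDomain(host, d));
  if (!trusted) {
    // A brand keyword in a host the vendor does not own is the fake-installer pattern.
    reasons.push(host.includes(brand) ? "brand name in a non-vendor host" : "host is not a vendor domain");
  }
  const verdict = trusted && reasons.length === 0 ? "official" : trusted ? "suspicious" : "untrusted";
  return { verdict, reasons };
}

// Constructed sample destinations (not taken from real campaigns).
const samples = [
  "https://quickbooks.intuit.com/desktop/",
  "https://quickbooks-download.example/setup.exe",
  "https://quickbooks.intuit.com@installer.example/qb.msi",
  "https://intuit.com.support-center.example/quickbooks",
  "http://quickbooks.intuit.com/",
];
for (const s of samples) {
  const r = checkAdDestination(s, "quickbooks");
  console.log(r.verdict.padEnd(10), s, r.reasons.join("; "));
}
```

The comparison is made on the parsed hostname, not on the text of the link, because the brand name can appear anywhere in a URL that the vendor does not control.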