
Malware is increasingly being spread through fraudulent ads, a practice known as malvertising. Full-page promises of large cash prizes lure unwitting victims, as do ads that deliver malicious software as soon as the user sees them.

Malware that spreads when a user merely sees a banner ad has been around for some time. For example, the Angler Exploit struck Yahoo in 2015 and others thereafter. The most dangerous aspect is that the user cannot know in advance that such a banner will appear when a web page is opened. SiliconANGLE cites 2021 research by the Digital Citizens Alliance that found that criminal exploits of ads bring in $1.3 billion in annual revenue.

Even distribution through the big ad players

Malvertising can even take place within the ad industry's “digital walled gardens”, including the services of Google, Meta and Amazon. John Murphy, CSO at Confiant, notes that these platforms have end-to-end control over which ads users see. Nevertheless, these services attract so many malicious users that a few always slip past the defenses unnoticed. In doing so, attackers theoretically reach billions of individuals. Still, the targeted advertising capabilities of these platforms let them narrow that reach and create specific fake ads for an audience that is more likely to click on them.

Nation-states

The economic uncertainty since the war in Ukraine has made companies less eager to buy ads. The Trustworthy Accountability Group argues that this has allowed malvertisers to strike more effectively at lower prices. The group claims that generative AI will further drive malvertising as well.

In addition, nation-states are said to be increasingly using malvertising to spy on foreign countries. Among other things, Russia is said to be targeting Ukrainian residents with malware via targeted ads. However, as is often the case with cybercrime, it is difficult to determine that a nation-state is behind the attacks. Reports often firmly imply it nonetheless, citing evidence that the group of attackers appears to be based primarily in a particular country and operates in a highly coordinated fashion.
