Malvertising

What it is and how we can defend against it.

Malvertising, short for malicious advertising, is a cyberattack technique where malicious code is embedded into online advertisements. These ads are then distributed through legitimate advertising networks and displayed on trusted websites, making them particularly deceptive and dangerous. When a user views or clicks on a malvertisement, it can trigger the automatic download of malware, redirect the user to a malicious site, or exploit vulnerabilities in the user’s browser or device.

Here's how it works:

Malvertising typically involves the following steps:

  1. Creation of a Malicious Ad
    Cybercriminals design an ad that appears legitimate but contains hidden malicious code or links.

  2. Ad Network Distribution
    The ad is submitted to a legitimate ad network, which unknowingly approves and distributes it to high-traffic websites.

  3. User Exposure
    When a user visits a site displaying the infected ad, the malicious code may execute automatically (drive-by download) or prompt the user to click.

  4. Payload Delivery
    The ad may install malware, redirect to phishing sites, or exploit browser vulnerabilities to gain unauthorised access.

Malvertising is particularly dangerous because it can affect users without any interaction – just loading the page can be enough to trigger an attack.
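
From the defender's side, the chain described in steps 3 and 4 (page load, ad request, redirect, download) leaves a trail in web proxy logs. The following is an added example, not part of the original article: it flags executable downloads whose Referer chain passes through an ad-serving host within a few seconds. The log layout, the hostnames, the ad-domain list and the 10-second window are all constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed proxy log: (epoch seconds, client, URL, Referer, Content-Type).
SAMPLE_LOG = [
    (100, "10.0.0.5", "https://news.example/story", "", "text/html"),
    (101, "10.0.0.5", "https://ads.adnet.example/slot?id=7", "https://news.example/story", "text/html"),
    (102, "10.0.0.5", "https://cdn.redirector.example/go", "https://ads.adnet.example/slot?id=7", "text/html"),
    (103, "10.0.0.5", "https://files.unknown.example/update.exe", "https://cdn.redirector.example/go", "application/x-msdownload"),
    (200, "10.0.0.9", "https://vendor.example/downloads", "", "text/html"),
    (260, "10.0.0.9", "https://vendor.example/setup.exe", "https://vendor.example/downloads", "application/x-msdownload"),
]

AD_HOSTS = {"adnet.example"}  # assumption: your own list of ad-serving domains
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream",
              "application/vnd.microsoft.portable-executable"}
WINDOW = 10  # seconds: an ad-to-download chain this fast suggests no user interaction


def is_ad_host(url):
    """True if the URL's hostname is an ad domain or a subdomain of one."""
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in AD_HOSTS)


def find_ad_driven_downloads(log):
    """Return (client, download_url, chain) for executable downloads whose
    Referer chain passes through an ad host within WINDOW seconds."""
    seen = {}    # (client, url) -> (timestamp, referer) of the latest request
    alerts = []
    for ts, client, url, referer, ctype in sorted(log):
        seen[(client, url)] = (ts, referer)
        if ctype.split(";")[0].strip().lower() not in EXEC_TYPES:
            continue
        chain, cur, visited = [url], referer, set()
        # Walk the Referer chain backwards, stopping on loops or stale hops.
        while cur and cur not in visited and (client, cur) in seen:
            visited.add(cur)
            hop_ts, hop_ref = seen[(client, cur)]
            if ts - hop_ts > WINDOW:
                break
            chain.append(cur)
            if is_ad_host(cur):
                alerts.append((client, url, list(reversed(chain))))
                break
            cur = hop_ref
    return alerts
```

On the sample log this reports the `update.exe` download for client 10.0.0.5 and ignores the vendor download, whose chain never touches an ad host.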

Common threats delivered via Malvertising

  • Ransomware: Encrypts files and demands payment.
  • Spyware: Monitors user activity and steals data.
  • Trojans: Create backdoors for remote access.
  • Adware: Bombards users with unwanted ads.
  • Exploit Kits: Scan for and exploit software vulnerabilities.

Where is it found?

Malvertising can appear on:

  • News websites
  • Social media platforms
  • Video streaming sites
  • Online forums
  • Mobile apps

Even reputable websites can unknowingly host malvertisements due to the automated nature of ad networks.

How to Protect Against Malvertising:

  1. Use Ad Blockers
    Tools like uBlock Origin or AdGuard can block malicious ads before they load.

  2. Keep Software Updated
    Regularly update browsers, plugins, and operating systems to patch vulnerabilities.

  3. Enable Click-to-Play for Plugins
    Prevents automatic execution of Flash or Java content.

  4. Install Antivirus and Anti-Malware Software
    These tools can detect and block threats in real time.

  5. Use Secure Browsers
    Modern browsers like Chrome and Firefox offer built-in protections against malicious scripts.

  6. Avoid Suspicious Websites
    Be cautious when visiting unfamiliar or untrusted sites, especially those offering free downloads or pirated content.