What is Malvertising

Nowadays advertising is part of nearly every online activity we do. This constant presence has created a new cyber threat called malvertising, where harmful code is hidden in digital ads and often shared by trusted networks, making them harder to spot.

In today’s digital world, ads are everywhere - on streaming platforms, social media, and news sites. Malvertising is advertising with a hidden danger. A combination of "malicious software" and "advertising," malvertising is a new cyberattack method. This is when hackers hide harmful code in legitimate-looking ads, which can install malware on your device or trick you into visiting fake websites where cyber criminals can attempt phishing or social engineering attacks.

The omnipresence of online ads fosters a false sense of trust making malvertising a growing threat. Hackers can target third-party ad servers to insert harmful code into ads shared by trusted providers. These malicious ads might appear on popular, well-known websites, making them seem safe to click. Even big organizations can unknowingly spread malvertising, showing how hard it is to spot and prevent these threats.

Malvertising on Facebook or other social media

Cybersecurity experts recently discovered malvertising in job ads on Facebook and other social media. Clicking these ads secretly installed a type of malware called "stealer" on victims’ devices. This malware collected login details and sensitive data, which hackers could use to take over accounts or sell the information online.

What Does Malvertising Mean and How Does It Work?

Derived from the combination of the words "malicious software" and "advertising," malvertising is a fairly new cyberattack method hiding in plain sight. It involves embedding malicious code within digital ads, which are often distributed to unsuspecting users through legitimate advertising platforms, making them extremely difficult to detect. When a victim interacts with such an ad, the malicious code may install harmful software on their device. In other cases, the ad could redirect the victim to a fraudulent website, where attackers attempt phishing or social engineering attacks.

Possible Consequences for Victims

While convincing victims to click on malicious links is not a groundbreaking tactic—think of the annoying pop-ups that plagued the early days of the internet—this new evolution of the technique poses a much more sophisticated risk. The widespread presence of online ads creates a false sense of security. If attackers manage to compromise a third-party ad server and embed malicious code into ads distributed by a trusted provider, these harmful ads can even appear on high-profile and seemingly secure websites.

This situation may seem risk-free to potential victims, who might feel safe clicking on seemingly legitimate ads. There have been cases where prominent organizations have inadvertently distributed malvertising through compromised ad networks, highlighting just how difficult it is for these entities to detect such threats.

 

4 hacks to protect yourself from Malvertising

There are some steps you can take to reduce the risk of falling victim to malvertising:

  1. Keep your devices always up to date to have a better chance of detect any malicious software that may get installed on your device.
  2. Update your software: ensure that all your software (mobile or pc), including any plugins and extensions, is updated regularly.
  3. Check URLs: when redirected to a website always check that the URL matches your expectations and ensure it uses HTTPS security protocols.
  4. Be cautious: is an offer seems too good to be true? Keep in mind that fraudsters use excellent offers to trick victims into providing personal and financial information, such as credit card details.

 

Want Extra Protection? Choose SICURNET, MyCRIFData’s service that monitors your data, alerts you if it’s compromised by cybercriminals (even on the Dark Web), and provides assistance when needed!