“Dangerous ads just by looking at them” How malvertising works and how to deal with it

While you are surfing the web, your PC suddenly slows down and an unknown pop-up window appears. Your personal data has been stolen. Do you think this is something out of a cybercrime movie? This is the reality of malvertising. Malvertising is an invisible threat that can cause a lot of damage by hiding behind harmless advertisements. Here, we will learn how malvertising works and how to avoid it.

What is malvertising?

Malvertising, short for ‘malicious advertising’, is the practice of using online advertisements to spread malware or redirect users to malicious sites. Cybercriminals can also place malicious advertisements on legitimate websites that users visit every day. Even if users do not click on the advertisements, their devices can become infected with malware.

How Malvertising Works

Online advertising is a complex structure with many different advertising entities, processes, and services working together. As a result, there are numerous vulnerabilities that cybercriminals can exploit. The typical malvertising attack procedure is as follows:

1. Buy advertising space : Cybercriminals purchase advertising space directly from websites or through advertising networks. These networks act as intermediaries between advertisers and website owners, providing a platform for buying and selling advertising inventory.
2. Infected Ad Distribution : Cybercriminals create ads that appear to have harmless images and/or text, but actually have malicious code hidden in the background. These ads are usually placed in ad space purchased on legitimate websites.
3. Infection when loading ads : When you visit a legitimate website, there is no way to know if the ad is malicious. However, as soon as a malicious ad loads, the malware contained in that ad can be activated in a number of ways.

• Click-based infection : Clicking on the ad activates the malicious code and downloads malware onto your device.
• drive-by download : You don’t even have to click on the ads. Just loading the ads will execute the malicious code and install the malware.

There are also ways in which malware is not downloaded. Malware intercepts browser requests and redirects them to fraudulent websites. This is called a malicious redirect.

Differences from adware

Malvertising and adware are often confused with each other. Here are some key differences:

• Adware : For adware to activate, your PC must already be infected with malware. Once infected, ads appear in unusual locations, such as browser pop-ups or system notifications.
• Malvertising : It is spread through legitimate websites. There is no need for separate malicious software to be installed on the victim’s computer for malvertising attacks. As explained above, infections often occur without the user doing anything.

Different Types of Malvertising

There are several methods used to carry out malvertising attacks. Here are three of the most common:

• Steganography : A technique to hide malicious code in an image that appears harmless. It changes a few pixels so that the difference is invisible to the human eye. The code runs in the background.
• polyglot image : It contains both the malware and the scripts required to execute the code, making it particularly dangerous as it can trigger multi-layer attacks.
• Tech Support Scams : Malicious ads hijack your browser and ask you to call a hotline, where the scammer then asks you for money or personal information.
• Scareware : Pop-up ads claiming that your computer is infected with a virus and asking you to download a ‘solution’, but the solution is either useless or malicious in itself.
• Reward Offer Scam : These ads offer high rewards for simple tasks like taking surveys or writing reviews, but in reality they steal the user’s personal data or install malware.
• Fraudulent software updates : It prompts you to download an update file that appears to be needed, but actually contains malware.

Why Malvertising Is Dangerous

The biggest threat to regular users is theft of personal data. Cybercriminals can collect personal information from users through spyware installed via malvertising. Or they can trick users into entering their login credentials through fake websites, which they can then use for other purposes. Some attackers can also use malvertising to distribute ransomware. Ransomware encrypts files on a user’s computer and demands a ransom in exchange for decrypting them.

In some cases, a single infected device from a user using a corporate network can compromise the entire network of a company or organization, causing serious damage.

How to prevent malvertising

The most basic safeguard is a reputable antivirus software such as AVG Internet Security, Bitdefender Total Security, or Norton 360 Deluxe, which provides real-time protection against cyber threats including malware.

Regular software updates are also essential to fix any vulnerabilities that you may have discovered and to protect your system from new threats. Keeping your software up to date is always important to prevent attacks.

Another option is to use a browser that specializes in security. Browsers with built-in ad blockers and real-time protection, such as AVG Secure Browser, prevent malicious ads from loading in the first place. Ad blockers minimize the risk by blocking ads before they reach your device. You should also disable unnecessary browser plug-ins and regularly update the ones you absolutely need. Browser plug-ins can be gateways for malware, so it’s best to use trustworthy plug-ins whenever possible.

It also helps to develop safe web browsing habits. Check HTTPS encryption and full terms and conditions pages to spot fake websites, and learn how to identify phishing attacks and other scams.

How to Respond When You’re Being Malvertised

The first rule is always the same: stay calm. Then take the steps one by one.

1. To protect your personal data, do not log in to important accounts until the malware has been removed.
2. Disconnect from the Internet to prevent the malware from transmitting data and causing further damage.
3. Restart your device in safe mode. This will safely scan your system and isolate any potential threats.
4. Use Disk Cleanup or a similar tool to delete all temporary files that may be malicious.
5. Check for suspicious programs that may indicate malware. To do this, open Task Manager and look for programs that are using an unusually large amount of memory or CPU power.
6. Run a malware scanner to identify and remove infected files.
7. Restore your browser to its normal state by reinstalling it or removing unwanted plug-ins.

These measures will help minimize the risk of harm from malvertising, keep your devices safe, and protect you from potential attacks. Most importantly, always stay vigilant.
editor@itworld.co.kr