Malvertising, or malicious advertising, is a cyber-attack in which the perpetrator adds malicious code into trustworthy websites and social media networks. The code directs users to malicious software or sites that compromise their online security.
This type of cyber-attack is usually confused with adware, a type of malware affecting online ads. They differ in terms of:
- Method of attack: Malvertising adds malicious code to a reliable publisher’s web page. Adware is usually packaged with legitimate software and is installed without the user’s knowledge.
- Source of attack: Malvertising runs only when the user is viewing an infected web page. Adware operates continually on a device once installed.
How Malvertising Works
Malvertising uses the same methods that deliver online ads. Attackers submit graphic or text ads to legitimate ad networks that often can’t tell harmful ads apart from reliable ones.
Online crooks determine the type of device you’re using, its software, and your location to create tailored and seemingly harmless campaigns. These can be:
- Bogus surveys
- Fake software updates
- Lottery offers
- Tech support scams
Cybercriminals mostly target Windows users because of the operating system’s massive user base. However, Apple Mac, iOS, and Android users are just as vulnerable to malvertising.
The Effects of Malvertising on Your Device
What makes malvertising dangerous is that it looks like regular ads such as pop-ups, banner ads, and paid ads. A perpetrator using malvertising can perform attacks such as:
- Malicious software: Unwanted software that operates on your device after installation.
- Malicious crypto mining: The perpetrator uses your device to mine cryptocurrency and send the coins to their own account.
- Ransomware: The perpetrator locks you out of your device and forces you to pay a ransom in exchange for returning access.
- Spyware: Malware that monitors your activities on the device without permission and reports them to the perpetrator.
- Virus: Malware that infects other programs on your device with bits of code.
Although publishers are aware of the problem, they have difficulty testing for or blocking malicious ads. Ad networks have no control over what users see on sites since they display ads based on real-time bidding from various online advertisers.
As an end-user, you can lessen the risk of being attacked by malvertising by taking these steps:
- Update your device. Install the latest security patches on your operating system, applications, and web browsers. Remove any software you don’t need.
- Double up your protection. Look for the latest ad blockers, antivirus software, and memory protection applications for extra protection from malvertising. These types of software have additional benefits, such as reducing the cookies loaded on your device and protecting your privacy.
- Think before you click. Always be skeptical about pop-up offers and suspicious notices.
- Enable click-to-play plug-ins. Click-to-play plug-ins prevent Flash and Java from running unless you enable them.
- Scan your system regularly. Use a quality cybersecurity program that periodically checks your system for malicious software.
Malvertising will continue to be a problem for many years, and it might take some time before publishers and cybersecurity companies find a complete solution to get rid of it. Although it’s not easy to identify malicious ads at first glance, the best thing you can do is to equip your device with the best protection so your device and files are safe.