While most cyberthreats are relatively easy to spot, some are so elusive that victims only find they’ve been infected when it’s already too late. One such threat is malvertising.
Malvertising, short for malicious-advertising, describes the use of digital online ads to spread malware. Attackers basically find a way to compromise the digital ad network that serves content on legitimate sites used by millions of people worldwide every day.
Attackers breach the ad network and taint the ads with malicious code as they’re about to be served to you. They can inject data-stealing malware, banking trojans, spyware, ransomware… you name it. All the user has to do is click the ad to get infected – IF no anti-malware mechanisms are in place on their computer.
Other times, attackers redirect the user to a spoofed site to execute a social engineering attack – i.e. phish their personal data, passwords, credit card data, etc.
Or they may use an exploit kit designed to capitalize on existing vulnerabilities on the target system. Again, attackers can now deploy virtually any kind of malware and access sensitive files on the target system, like personal photos and videos, and copy those files to later extort the victim.
Less common attack vectors include drive-by-downloads, forced redirects or tinkering with JavaScript and Flash to serve malicious content without actual interaction from the user.
Infections delivered via malvertising travel silently through the digital ads we see every day on various websites, so it’s extremely easy to get infected if we don’t have the proper defenses on our computers or phones.
An ad blocker greatly reduces the chances of ads downloading malware onto your device. But many people prefer not to bother installing one – or they simply find the ads relevant.
That’s why using an antivirus remains the only real defense against this elusive and highly dangerous threat. If by any chance you do land a cyber threat from a tainted ad – or from anywhere else – your security solution will kick in.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024