- Malicious advertising or malvertising is a popular method of hiding malicious links in generic ads.
- Malware or auto-redirect links are hidden in advertisements even in legitimate domains.
- Malicious advertising is also being used for drive-by cryptojacking campaigns putting internet users at massive risk.
Malicious code injected into advertisements is an issue all internet users face on various websites, especially on file sharing sites. Malware downloads and auto-redirect links are also present in fake “play” and “download” buttons to mislead users. According to a report by GeoEdge, malicious advertising has cost advertisement networks approximately $1.13 billion this year.
GeoEdge revealed that the steganographic method is the most popular method used by cybercriminals deploying malicious advertising. Malicious files can be hidden in images, messages and video content that can force-download exploit kits. The report also talks about how malvertising has spread from forcing downloads and auto-redirects to spreading ransomware and cryptojacking campaigns.
According to GeoEdge “last year auto-redirect malvertising attacks cost publishers $210 million and marketers $920 million, resulting in a $1.13 billion annual loss for the online advertising ecosystem. That number will be 20-30% higher next year according to the number of such attacks being seen via GeoEdge’s Real-Time Blocking solution.”
Malicious advertising is not limited to file-sharing and torrent websites only; it has affected websites like NY Times, Facebook, MSN, AOL among others as well. A lot of internet users opt for ad-blockers, and it hurts the legitimate advertising industry adversely. Malvertising has become commonplace in file sharing websites because of legitimate advertisers backing out of illegal file-sharing platforms.
Attackers are able to cover their tracks through code obfuscation to hide malicious ads in seemingly innocent content. With advertisements becoming very risky to click, users are more hesitant than ever to open ads. Google has taken up the initiative to remove all misleading ads from Chrome in an upcoming update. Some browsers are also implemented ad blockers to protect their users, which can hurt legitimate advertisers even more in the process.