March 2, 2020

Ads Can Be Dangerous Too: How to Protect Yourself From Malvertising

Malvertising is a practice of spreading malware through malicious advertisements. In other words, what might seem like an innocent ad is, in reality, a scam, a virus, or an unwanted piece of software.

And the worst part? If you frequent the world wide web on a regular basis, it may not even take any action on your part for malware to find its way onto your device. Even the so-called “safe” websites you visit daily can serve one of these ads without being the wiser.

So today, let’s take an in-depth look into:

  • what malvertising campaigns do,
  • how to recognize one,
  • different ways you can protect yourself.

Malvertising – How Does It Work?

On the surface level, malvertising looks like typical online advertising. If an ad distribution network allows for it, cybercriminals can use javascript to distribute the infected text or image-based ads through it.

Sometimes, the ad network doesn’t do its due diligence to verify their ad campaigns to make sure they’re malware-free. Other times, they don’t care about it as long as they can make a quick buck.

How to Recognize Malvertising?

Sure enough, cybercriminals have more than one trick up their sleeves to spread malware.

For instance, they may design their ads to be provocative, thus enticing you to click on them. Of course, it is the goal every advertiser wants to achieve, and you can’t blame them for this alone. It gets problematic when such click-baiting tactics are used for spreading malware.

Have you ever seen an ad shaped like an alert that warns you about a supposed infection that’s already present on your device? In some cases, these proceed to offer you a free antivirus program to mend it right after. The reality is, there’s no way for these ads to know whether you’re infected or not. But one thing is for sure; the software they’re offering does not have your best interests at heart. More often than not, it is a form of malware. If you fall prey to such social engineering, don’t be surprised if something nasty finds its way onto your computer.

ransomware, virus, malware

It’s easy enough to recognize the first trap once you know what to look for. But the second malvertising method is much more nefarious in comparison. It goes by the industry name of drive-by-download. It includes taking advantage of a compromised webpage to deliver malware through an invisible web element. This one is tough to spot even if you were to inspect its source code. Once you load it up, the malicious code scans your browser and software for vulnerabilities and attempts to access your machine.

Other variants of malvertising include:

  • get-rich-quick schemes,
  • dodgy offers and lottery scams,
  • fake software installs,
  • tech support scams,
  • fake software updates,
  • etc.

What Can You Do to Protect Yourself Against It?

Whether you’re using a mobile or desktop device, make sure to update it often and keep your software up to date as well. In case there’s any of it you’re not using frequently, it’s best to uninstall it. Malvertising exploits like to take advantage of any security holes they may find in it.

It goes without saying that you should think twice before clicking anything online. If an ad promises something that appears too good to be true, it probably is, so avoid it. Be skeptical. Ask yourself whether the ad comes from a reputable brand and if there’s a sense of urgency; be on your guard.

Stick to installing updates and software from official sources only. That way, you protect yourself against fraudulent software installs. Also, you stay safe from those who masquerade as a legitimate developer.

Protect yourself from advertisers tracking you by disabling third-party cookies and using a reputable VPN software like NordVPN. In essence, retargeting is a way for advertisers to target you once again after you’ve viewed their offer or become their customer. If you disable third-party cookies, they can’t track you via cookies. If you use a VPN, it foils their efforts to track you via your IP address as well.

Then, you should install a javascript-blocking browser plugin. If you’re using Firefox, NoScript is one of them, but there are plenty of alternatives as well. Couple it with an ad-blocking plugin, and you will extinguish the threat before it even becomes a reality.

Last but not least, be sure to have an antivirus suite installed and run it every once in a while. That way, even if something manages to get past through other defenses, you can clean up your computer to prevent it from doing further damage.

Conclusion

Whether you’re using a desktop PC or a smart device, common sense goes a long way. Combine it with the rest of the things discussed today, and it should be more than enough to stay safe from all forms of malvertising.

About the author 

Imran Uddin


{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}