Online advertisements can be an annoying interruption to our normal browsing habits. However, they are often necessary because they are the main source of funding for the otherwise free websites we use every day. Have you ever wondered how those ads end up on your screen? Well, there’s a fascinating supply chain behind the ads, and it’s interesting to pick it apart.
Typically, a website that serves advertisements does not manually select the specific advertisements displayed on its platform. Instead, it chooses which ad categories to block, allocates ad space, and then displays the ads offered by its ad provider. Advertising sellers are responsible for finding advertisers and websites to display their advertisements. But what if these advertisers are not legitimate? What if they are bad actors or scammers looking to lure potential victims with seemingly legitimate software or offers to help repair their computer? This malicious use of advertisements is called malvertising.
Malvertising uses many of the same tactics as social engineering, relying heavily on persuasive language and eye-catching images to create a sense of urgency or fear. This encourages victims to act quickly without inspecting the legitimacy of the website linked in the ad. Malvertising attacks are becoming more sophisticated, with cybercriminals exploiting trusted platforms like Facebook and other social networks to distribute malicious content. By exploiting the trust and reach of these platforms, attackers can reach a wider audience and potentially compromise more victims. It also makes it harder for users to distinguish between legitimate and malicious ads.
To add to the complexity, threat actors employ techniques to hide their identity and evade detection. This may include social engineering tactics such as phishing, token theft, or information stealers to gain access to legitimate ad accounts. By hijacking trusted accounts, attackers can bypass security measures designed to prevent malicious organizations from purchasing advertising space.
Leads threat operations and internal security at Huntress.
Three common types of malicious attacks that users should be aware of are:
Fraudulent advertising: Attackers will display ads with language similar to “Your computer is infected, call us immediately to fix it!”. Once a victim calls, the scammers usually convince them to install software to initiate a remote control session of the victim’s computer. They will then overwhelm the victim with misinformation, hoping to make them believe the situation is too complex to understand, and then ask them to pay money to remedy the non-existent security issue.
Fake malicious installer: A common technique that sends malware directly to the victim, posing a greater threat. Attackers disguise themselves as legitimate software vendors to deliver a modified version of the software that usually includes an information stealer or initial access mechanism. These attacks aim to catch the victim while they are in a hurry to install the software. We often see QuickBooks used as a lure, with attackers sponsoring malicious ads designed to be displayed alongside legitimate QuickBooks links. The malicious ads then lead to a cloned QuickBooks website that serves users a compromised installer. Likewise, fake browser extensions imitate legitimate extensions, tricking users into installing them. Once installed, they can capture sensitive data including browsing history, passwords and credit card information, exposing individuals and businesses to significant risks.
Malicious advertising by download: These malicious ads require no engagement from the viewer; simply loading them in the browser is enough to install a new web extension or download malware. This tactic relies heavily on the victim not keeping their browser up to date, because it uses already known and patched vulnerabilities. There’s a reason your browser keeps asking you to update it: these updates protect the browser against newly discovered weaknesses. Keep your browser updated and don’t make the attackers’ work easier.
Avoid attacks
To avoid falling prey to malvertising attacks such as fraudulent malvertising, it is essential to think critically before engaging with suspicious advertisements. If you receive an ad claiming you are a victim and need to call for help, stop and ask if the statement makes sense on its face. How would this provider know that you have a virus on your computer? Does Microsoft actually have a staff division that proactively buys advertising space to notify its customers that there may be a virus on their computer? While answering these questions usually requires at least some level of technical acumen, there are other telltale signs that an ad may be a scam. Many of these scams claim to come from Microsoft support or their security team. Check where the ad is going to take you. If the domain isn’t www.microsoft.com, you can almost guarantee it will be a scam, especially when paired with a message claiming it is urgent or extremely critical.
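The destination check described above can be automated, for example in a mail or proxy filter that reviews sponsored links. The following is an added example, not code from the article or from Huntress; the `EXPECTED_HOSTS` mapping, the `URGENCY_TERMS` list, the function names and the sample ads are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hostnames each claimed brand is expected to use. Only www.microsoft.com is
# taken from the article; the mapping itself is an assumption of this example.
EXPECTED_HOSTS = {"microsoft": {"www.microsoft.com"}}

# Constructed list of pressure wording, modelled on the ad text quoted above.
URGENCY_TERMS = ("infected", "immediately", "urgent", "critical", "call us")


def destination_host(url):
    """Return the hostname a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and port; also drop a trailing dot.
    return parts.hostname.rstrip(".").lower()


def assess_ad(ad_text, landing_url, claimed_brand):
    """Return (verdict, reasons) for an ad that claims to come from a brand."""
    host = destination_host(landing_url)
    # Exact match only: "www.microsoft.com.evil.example" must not pass.
    mismatch = host not in EXPECTED_HOSTS.get(claimed_brand, set())
    urgent = [t for t in URGENCY_TERMS if t in ad_text.lower()]
    reasons = []
    if mismatch:
        reasons.append(f"destination {host!r} is not an expected {claimed_brand} host")
    if urgent:
        reasons.append("pressure wording: " + ", ".join(urgent))
    if mismatch and urgent:
        return "likely scam", reasons
    if mismatch:
        return "suspicious destination", reasons
    return "destination matches", reasons


# Constructed samples (.example domains are reserved and not real sites).
SAMPLES = [
    ("Your computer is infected, call us immediately to fix it!",
     "https://www.microsoft.com.support-fix.example/help"),
    ("Microsoft 365 for business",
     "https://www.microsoft.com@support-fix.example/"),
    ("Learn about Windows security",
     "https://WWW.Microsoft.com./en-us/security"),
]

if __name__ == "__main__":
    for text, url in SAMPLES:
        print(assess_ad(text, url, "microsoft"), url)
```

The comparison is on the parsed hostname rather than on the raw URL string, so a brand name appearing elsewhere in the link does not count as a match.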
To avoid falling victim to malicious ads, you need to be attentive, take a moment to stop and think about the claims an ad makes, make sure you are redirected to a legitimate site, and click the “update” button every time it appears in your browser. To defend against malvertising, advertising sellers should implement more rigorous controls on advertisers and their content to ensure their legitimacy. Additionally, employees should be trained to identify suspicious emails, websites, and online advertisements, allowing them to avoid falling victim to these attacks. Threat actors are increasingly using legitimate tools for malicious purposes, including ads. A healthy dose of skepticism never hurt anyone, so the next time you see a suspicious ad, be careful and make sure it’s legitimate before clicking on it.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you would like to contribute, find out more here: