While most cyberthreats are relatively easy to spot, some are so elusive that victims only find they’ve been infected when it’s already too late. One such threat is malvertising.
Malvertising, short for malicious advertising, describes the use of online ads to spread malware. Attackers find a way to compromise the digital ad network that serves content on legitimate sites used by millions of people worldwide every day.
Infected ads
Attackers breach the ad network and taint the ads with malicious code as they’re about to be served to you. They can inject data-stealing malware, banking trojans, spyware, ransomware… you name it. All the user has to do is click the ad to get infected – IF no anti-malware mechanisms are in place on their computer.
Other times, attackers redirect the user to a spoofed site to execute a social engineering attack – i.e. phish their personal data, passwords, credit card data, etc.
Or they may use an exploit kit designed to capitalize on existing vulnerabilities on the target system. In this case, attackers can deploy virtually any kind of malware, such as ransomware.
Less common attack vectors include drive-by downloads, forced redirects, or tinkering with JavaScript and Flash to serve malicious content without interaction from the user.
Two ways to fight back
Infections delivered via malvertising travel silently through the digital ads we see every day on various websites, so it’s extremely easy to get infected if we don’t have the proper defenses on our computers or phones.
An ad blocker greatly reduces the chances of ads downloading malware onto your device. But many people prefer not to bother installing one – or they simply find the ads relevant.
That’s why using an antivirus remains the only real defense against this elusive and highly dangerous threat. If by any chance you do pick up a threat from a tainted ad – or from anywhere else – your security solution will kick in.