What is malvertising, and how does it work?
The term “malvertising” refers to malicious advertising that criminals use to steal data or install malware onto their victims’ devices. The attack can take different forms, but they all use online advertising as a way to snag the target.
An attacker will create a convincing advert containing hidden lines of malicious code. Then they’ll find a way to feature their content on a legitimate website or insert it on their own site. When a victim clicks on the ad, they’ll be directed to a dangerous server from which the rest of the attack will be launched.
Don’t assume that an ad is safe just because you trust the site that’s hosting it. In fact, malvertising has been found on a wide range of “safe” sites, from streaming platforms like Spotify to major online news outlets, including The New York Times and The Atlantic.
Malvertising falls into two broad categories, defined by the delivery method of the malware: pre-click and post-click.
It’s a common misconception that malicious adverts are only a risk if you click on them. Advanced malvertising can bypass some ad-blockers or automatically initiate malware downloads if you’re just on the same page as them. This is referred to as drive-by-downloading, and it’s increasingly difficult to guard against.
Other adverts can be coded to trigger an auto-redirect. This will send you to a new page and force your device to connect to the attacker’s server.
Post-click is still equally dangerous, of course. If the attacker can lure you into clicking on the advert, you’re immediately at risk.
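For a site that embeds third-party ads, the auto-redirect and drive-by download behaviours described above correspond to permissions in an iframe's `sandbox` attribute. The check below is an added example, not part of the original article; it assumes ads are served in iframes, and the function names and sample slots are hypothetical.

```javascript
// Added example: audit the sandbox attribute of an ad iframe.
// Input is the raw attribute value, or null when the attribute is absent.
const RISKY_TOKENS = {
  "allow-top-navigation":
    "frame can redirect the whole page without a click (auto-redirect)",
  "allow-downloads":
    "frame can start a file download (drive-by download)",
  "allow-popups-to-escape-sandbox":
    "popups opened by the ad are not sandboxed",
};

function auditAdFrame(sandboxAttr) {
  if (sandboxAttr === null || sandboxAttr === undefined) {
    return ["no sandbox attribute: the frame has no sandbox restrictions"];
  }
  // Tokens are space-separated and case-insensitive; match them exactly so
  // allow-top-navigation-by-user-activation (click required) is not flagged.
  const tokens = new Set(
    sandboxAttr.toLowerCase().split(/\s+/).filter(Boolean)
  );
  const findings = [];
  for (const [token, why] of Object.entries(RISKY_TOKENS)) {
    if (tokens.has(token)) findings.push(`${token}: ${why}`);
  }
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push(
      "allow-scripts + allow-same-origin: a same-origin frame can remove its own sandbox"
    );
  }
  return findings;
}

// Constructed sample ad slots (hypothetical names and values).
const SAMPLE_SLOTS = [
  { slot: "banner-top", sandbox: "allow-scripts allow-top-navigation-by-user-activation" },
  { slot: "sidebar", sandbox: "allow-scripts allow-top-navigation allow-downloads" },
  { slot: "legacy-footer", sandbox: null },
];

// Returns only the slots that have at least one finding.
function auditSlots(slots) {
  return slots
    .map(({ slot, sandbox }) => ({ slot, findings: auditAdFrame(sandbox) }))
    .filter((result) => result.findings.length > 0);
}

console.log(JSON.stringify(auditSlots(SAMPLE_SLOTS), null, 2));
```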
The damage of malvertising
When you click on the advert or are forcefully redirected, the next stage of the attack begins.
The server you connect to will contain an exploit kit, which activates on contact. Exploit kits are pieces of software designed to audit your system and search out any weak spots. As soon as the kit finds vulnerabilities in your operating system or your browser, the attacker can install the rest of their malware. From that point on, they can do almost anything they want.
Unfortunately, there aren’t many sure-fire ways to avoid this threat. Some pre-click malicious adverts can even bypass ad-blocking, so effective prevention has to be a multifaceted strategy. That being said, there are ways to cover yourself as much as possible.
- Use an ad-blocker. It might not be 100% effective, but an ad-blocker will still significantly reduce your risks. With NordVPN’s Threat Protection service, you can block dangerous sites and limit advertising, giving you a cleaner, safer browsing experience. Malvertising can be extremely convincing: avoid the temptation to click by blocking ads altogether.
- Use antivirus software. It’s a smart move if you use the internet on a day-to-day basis, and it can limit the damage caused by malvertising. Keep your device protected and update the software as often as you can.
- Stay up-to-date. If an exploit kit searches your device for weaknesses, it’s going to be looking for outdated software. That’s why it’s important to keep your system up-to-date. It’s tempting to keep hitting “remind me later”, but installing security updates regularly is always best practice. That includes your operating system, your browser, and any browser extensions in use.
- Turn off auto-play. Go into your browser settings and turn off the autoplay function. This will neutralise any content that relies on video plugins. It’s a simple way to stop drive-by-downloads and limit your exposure.
- Be sceptical. Most malvertising is still post-click, so you can avoid the threat by not engaging with the adverts at all. Stop and think before you follow links and aggressively promoted content. Malicious adverts will often use urgent messaging, but you should always slow down and exercise some caution. A healthy dose of scepticism will go a long way to keeping you secure.