Banner ads, sidebars, and pop-ups are everywhere online, from mainstream news sites to less-than-legal torrent hubs. Most are just colourful distractions but some are malvertising ads created for the sole purpose of infecting your device with malware and viruses. So what is malvertising and how can you prevent it?
The term “malvertising” refers to malicious advertising that criminals use to steal data or install malware onto their victims’ devices. The attack can take different forms, but they all use online advertising as a way to snag the target.
An attacker will create a convincing advert containing hidden lines of malicious code. Then they’ll find a way to feature their content on a legitimate website or insert it on their own site. When a victim clicks on the ad, they’ll be directed to a dangerous server from which the rest of the attack will be launched.
Don’t assume that an ad is safe just because you trust the site that’s hosting it. In fact, malvertising has been found on a wide range of “safe” sites, from streaming platforms like Spotify to major online news outlets, including The New York Times and The Atlantic.
Malvertising falls into two broad categories, defined by the delivery method of the malware:
It’s a common misconception that malicious adverts are only a risk if you click on them. Advanced malvertising can bypass some ad-blockers or automatically initiate malware downloads if you’re just on the same page as them. This is referred to as drive-by-downloading, and it’s increasingly difficult to guard against.
Other adverts can be coded to trigger an auto-redirect. This will send you to a new page and force your device to connect to the attacker’s server.
Post-click is still equally dangerous, of course. If the attacker can lure you into clicking on the advert, you’re immediately at risk.
When you click on the advert or are forcefully redirected, the next stage of the attack begins.
The server you connect to will contain an exploit kit, which activates on contact. Exploit kits are pieces of software designed to audit your system and search out any weak-spots. As soon as it finds vulnerabilities in your operating system or your browser, the attacker can install the rest of their malware. From that point on, they can do almost anything they want.
Unfortunately, there aren’t many sure-fire ways to avoid this threat. Some pre-click malicious adverts can even bypass ad-blocking, so effective prevention has to be a multifaceted strategy. That being said, there are ways to cover yourself as much as possible.
Use NordVPN’s Threat Protection feature to help protect yourself from malvertising. Try it risk-free with our 30-day money-back guarantee!