Malvertising is threatening you more than you think


The times of safe web surfing are gone. Scammers keep learning new hacking techniques and attacking from new angles, and one of those angles turns out to be advertising. Do you remember the Stegano virus, which delivered backdoors, spyware, and banking Trojans through malicious ads? Or the RoughTed malvertising campaign?

According to recent research conducted on AdGuard software users, 57 per cent of users had crucial data stolen (such as financial information and PINs) or expected to be attacked on hijacked ad networks, while 48 per cent expressed deep concerns about tracking requests hidden in online ads and sending data to third parties. So, if the task of the previous generation of ad blockers was just to hide advertising elements from users’ eyes, now developers are struggling to break relations between browsers and ad servers to avoid potentially dangerous data transfers.

How does it work?

Hackers use malicious ads to embed code on your device that allows browsers or applications to download unwanted elements from ad servers and, conversely, to transfer your private data to ad networks. To stop this two-way communication, ad blocking programs maintain filters – lists of rules and criteria – that detect advertisements among other web content in advance and prevent them from appearing on a page.

These filters are the result of manual labour (because automatic recognition based on artificial intelligence or self-learning neural networks has not been developed yet) and rely on various criteria for identifying an ad, including the element's appearance, its behaviour, and the address it is loaded from. After blocking requests from a browser to an ad server, the programs simply reformat the remaining web content to use the emptied ad space.
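The address-based part of such a filter can be sketched as follows. This is an added example, not AdGuard's code: it handles only a simplified subset of Adblock-style rule syntax, and the rules, domains and function names are constructed for illustration.

```javascript
// Constructed sample rules in a simplified subset of Adblock-style syntax.
const SAMPLE_RULES = [
  '! lines starting with "!" are comments',
  '||ads.example^',                  // a domain and all of its subdomains
  '||tracker.example^$third-party',  // only when loaded from another site
  '/banner/*/popup.',                // URL substring with a wildcard
  '@@||ads.example/static/',         // exception: explicitly allowed
];

// "||" anchors at a hostname label, "^" is a separator, "*" is a wildcard.
function patternToRegExp(pattern) {
  const anchored = pattern.startsWith('||');
  const body = (anchored ? pattern.slice(2) : pattern).split('').map(ch =>
    ch === '*' ? '.*' :
    ch === '^' ? '(?:[^\\w.%-]|$)' :
    ch.replace(/[.+?${}()|[\]\\\/]/g, '\\$&')).join('');
  const prefix = anchored ? '^[a-z][a-z0-9+.-]*:\\/\\/(?:[^\\/?#]*\\.)?' : '';
  return new RegExp(prefix + body, 'i');
}

function compileRules(lines) {
  const rules = [];
  for (const raw of lines) {
    let line = raw.trim();
    if (!line || line.startsWith('!')) continue;
    const exception = line.startsWith('@@');
    if (exception) line = line.slice(2);
    const [pattern, options = ''] = line.split('$');
    rules.push({ raw: raw.trim(), exception, re: patternToRegExp(pattern),
                 thirdPartyOnly: options.split(',').includes('third-party') });
  }
  return rules;
}

// Simplification: "site" is the last two hostname labels (no Public Suffix List).
const site = url => new URL(url).hostname.split('.').slice(-2).join('.');

// Decide what happens to one request made while pageUrl is open.
function decide(rules, requestUrl, pageUrl) {
  const hits = rules.filter(r => r.re.test(requestUrl) &&
    (!r.thirdPartyOnly || site(requestUrl) !== site(pageUrl)));
  const allow = hits.find(r => r.exception);
  if (allow) return { block: false, rule: allow.raw };
  return hits.length ? { block: true, rule: hits[0].raw } : { block: false, rule: null };
}
```

The separator handling is what keeps `||ads.example^` from matching a lookalike host such as `ads.example.org`, and an exception rule always wins over a blocking rule.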

Besides full-service ad blocking software, some users prefer to install browser protection extensions (such plug-ins as NoScript, Ghostery and others) and mobile apps. Obviously, the main advantage of extensions is free access. However, they also have a limitation: since an extension "lives" inside a browser, it has to depend on the browser’s ad policy (note that “ad-friendly” browsers may not be willing to reduce their advertising income). An ad blocking mobile app works like an ordinary mobile app, collecting and filtering all web traffic generated by the other apps on your device.

Which ads are the most dangerous?

The most dangerous perpetrator of cyber crimes and spying is any large advertising network. When placement is manual, an advertiser has fewer opportunities to plant malicious elements in ads and use them for their own purposes. However, the large ad networks receive hundreds of thousands of submissions daily, so their moderation process is automatic, and thus easier to subvert.

The other aspect is that there is more risk of getting “caught” by malvertisers on sites with dynamic banners than on web pages with static advertisements. Some web sites provide an option to consume content without any advertising for a small charge. When I face such a nag screen, I personally prefer to pay and not turn off the ad blocking program. If there is no possibility to continue browsing a site without turning off the ad blocker, I will take into consideration the type of advertising placed there. I would not whitelist a site with animated/dynamic banners.

What is considered to be the most harmless online advertising? Surprisingly, the answer is contextual advertising and ads on social media.

What’s next? 

I’d like to give you an optimistic forecast, but unfortunately, the situation with malvertising is not expected to improve soon. On the contrary, it is getting worse. Multiple studies report significant growth in malicious ad volumes last year. For example, RiskIQ’s Malvertising Report measured a 132 per cent increase in hijacked ads in 2016. According to Malwarebytes Labs research, the number of phishing attacks in ad networks increased by 267 per cent in 2016. It's too early to draw conclusions about 2017, but a recent survey by Avira claims that out of 894,000 detected threats, almost a quarter (24 per cent) were triggered by five popular advertising networks.

How to protect yourself?

If you are a desktop user:

1. Be careful on sites that ask for your private data. Don’t forget that you need not push the “submit” button to be tracked.

2. Don’t install browser extensions made by unknown developers (if you were a developer of browser extensions, you’d be buried under requests from advertisers to exploit the code).

3. Try to avoid closed source extensions. You can’t fully trust open source extensions either.

4. Always read the privacy policy of browser extensions.

5. Have a look at the permissions of browser extensions.
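One way to act on the last point is to read the extension's `manifest.json` and list what it requests. The following is an added example, not part of the original article: the manifest is constructed, and the choice of which API permissions to flag and how to rate them is this example's own assumption.

```javascript
// API permissions worth a second look, with what each lets an extension do.
const SENSITIVE_APIS = new Map([
  ['tabs', 'read the URL and title of every open tab'],
  ['webRequest', 'observe network requests'],
  ['cookies', 'read and change cookies'],
  ['history', 'read browsing history'],
  ['clipboardRead', 'read the clipboard'],
  ['nativeMessaging', 'exchange messages with programs outside the browser'],
  ['management', 'manage other installed extensions'],
]);

// Classify a match pattern: 'all' (every site), 'scoped', or null for an API name.
function hostScope(pattern) {
  if (pattern === '<all_urls>') return 'all';
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return null;
  return m[2] === '*' ? 'all' : 'scoped';
}

// Collect requests from every place a manifest (v2 or v3) can declare them.
function auditManifest(manifest) {
  const sources = {
    permissions: manifest.permissions || [],
    optional_permissions: manifest.optional_permissions || [],
    host_permissions: manifest.host_permissions || [],
    content_scripts: (manifest.content_scripts || []).flatMap(cs => cs.matches || []),
  };
  const findings = [];
  for (const [source, values] of Object.entries(sources)) {
    for (const permission of values) {
      const scope = hostScope(permission);
      if (scope === 'all') {
        findings.push({ source, permission, severity: 'high',
                        reason: 'applies to every site you visit' });
      } else if (scope === null && SENSITIVE_APIS.has(permission)) {
        findings.push({ source, permission, severity: 'medium',
                        reason: 'can ' + SENSITIVE_APIS.get(permission) });
      }
    }
  }
  // High-severity findings first; order within a severity is preserved.
  return findings.sort((a, b) =>
    a.severity === b.severity ? 0 : a.severity === 'high' ? -1 : 1);
}

// Constructed sample manifest for illustration.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: 'Constructed sample extension',
  permissions: ['storage', 'tabs', 'webRequest'],
  optional_permissions: ['history'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['https://*.example.com/*'], js: ['cs.js'] }],
};
```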

If you are a mobile user:

1. Always read the privacy policy of mobile apps.

2. Beware of mobile apps that request access to “Identity”.

3. Only use mobile apps made by developers you know.

4. Give a preference to open source apps.

5. Remember that using mobile apps is more risky than surfing in a mobile browser.

Whatever device you use, just be careful with your choice of sites, extensions, and mobile apps, and have ad blockers installed on all of your gadgets.

Andrey Meshkov, CTO, AdGuard