What is Malvertising?
by Matt Gillis, on Aug 2, 2022 9:00:00 AM
Have you ever browsed the web and then all of a sudden, your screen is taken over by a pop-up that won’t go away and is obnoxiously telling that you’ve “won an Amazon gift card?”
If you answered yes, then you have firsthand experience with malvertising.
But what is malvertising?
Malvertising is a malicious attack that impacts legitimate websites by bad actors purchasing and submitting ads that appear to be normal, but in fact execute malicious activity when displayed.
Learn more about the key FAQs about Malvertising:
- Who does malvertising affect?
- Why should you care about malvertising?
- How can you protect against malvertising?
-- Article Continues Below --
In addition to adversely impacting publishers' ad revenue, malvertising disrupts the user experience by prohibiting them from engaging on a site by hijacking the web browser and forcing users to a new page, freezing the page as a whole, or other malicious activity.
A Malvertising attack can take a variety of forms, including forced redirects (just like our pesky Amazon gift card example), crypto-mining, video stuffing, and more. Malicious adverts sneak into our user experiences by mimicking the appearance of familiar advertisements.
These disguises can include pop-up advertisements that try to persuade you to update existing browsers or software programs or offers for free items and services. In addition to pop-up formatting, a malicious ad can be disguised as a paid ad, banner ad, widget, and more.
Learn More About Different Types Of Ad Fraud
Often, malicious ads use tactics such as scareware, get-rich-quick, surveys, or tech support scams to entice viewers to click. These tactics could be anything from a false warning that your device is already infected and prompt the installation of a scam anti-virus or VPN solution, or a reminder that foundational software requires updating to continue use.
Read the Case Study
How cleanAD Completely Eliminated Malicious Redirects, Freeing up 60 Hours of AdOps Efforts per Week, for Venatus Media
Who does malvertising affect?
Malvertising affects everyone. From the technology companies that enable ads to be bought in the ecosystem, the supply-side platforms that help publishers monetize the eyeballs on their sites, the publishers themselves, and ultimately, end-users – no party is unscathed from the disruption caused by malvertising.
For publishers, a malvertising attack damages a site's reputation and brand as well as impacts ad revenue. When a forced redirect or click disrupts a customer's visit to a publisher's site, and puts them at risk of a malware attack, it taints the visitor's perception of the publisher and discourages them from revisiting that site.
In addition to causing customer complaints, malvertising impacts the publisher's revenue stream. Malvertising forces stakeholders to drop focus on revenue-generating initiatives to fight malicious ads and defend their site. During periods of a malvertising attack, publishers can lose between 60-80% of the time spent on-site from malicious redirects, resulting in an overall loss of traffic.
This impacts their digital advertising KPIs as consumers are auto-redirected to an alternative URL/site, which does not count as a revenue-generating event for the publisher. The drop off in user attention, and eventual loss in loyal customers, at the hands of harmful and unwanted advertising directly impacts the bottom line. Malvertising also incurs indirect costs, including litigation, mitigation, and fixing vulnerabilities after the web application deploys.
Why should you care about malvertising?
It should be no surprise that digital advertising is on the rise. In a 2019 report, Forbes reported, "The U.S. advertising market has seen a marked shift in dynamics over the last decade due to the rise of digital advertising. In terms of component growth, non-digital revenues are expected to decline due to budget shifts towards digital."
Digital advertising is thriving, and the number of ads encountered on a daily basis will only continue to grow. No matter where you go on the web, digital advertisements will be there to greet you, and with them, the threat of malvertising.
Protecting your visitors from malvertising and cybercriminals is essential to protecting digital ad revenue and preserving a website's user experience. However, the effects of malvertising extend beyond the economic impact of reduced time on the site and lost site visitors or brand credibility.
While the aforementioned reasons in itself are reason to care, malvertising also funds cybercriminals who profit off of your advertisements and then reinvest their earnings in more cybercrime.
User complaints have the potential to damage a publisher’s brand and trust. Furthermore, key distribution partners like social networks may take action against publishers which can lead to additional revenue loss.
Finally, certain monetization partners like Google and other legitimate online advertising network may flag publishers for malware, even though those same platforms delivered malware to the publisher in the first place. Not only is the visitor's goal interrupted, but publishers could also lose a customer or follower as a result - potentially trickling into bad online reviews, publicized complaints, or business loss.
Read the Guide
Malvertising prevention is essential for any publisher with an expansive online presence, and shoring up your lines of defense is a worthwhile investment.
How Can You Protect Against a Malvertising Attack?
With the constant evolution of the digital landscape and growing sophistication of malvertising threats, it can be challenging to prevent, stop, or predict the sources of malicious advertising in the programmatic ad ecosystem.
When malvertising first surfaced, the first generation of malware prevention solutions utilized static analysis. The most common of these solutions included offline scanning. With this solution, an advertiser registers creative for a new campaign and then an ad quality solution scans the creative in an offline environment to ensure legitimacy.
Result: This was easy for attackers to get around because the offline environment was not representative of real users and is easy to circumvent.
This led to the next generation of malvertising prevention - URL blocklisting. Blocklisting is essentially the compilation of suspicious URLs that bad actors have been using and have been identified as malicious and blocked from reentry.
Result: While a widely used solution to this day, blocklisting is only as effective as the list itself. Rather than identifying and preventing malicious code in real-time, blocklisting involves using a sandbox, or an isolated virtual environment, to notice attackers and put them on the blocklist in order to block the next one that tries to get on the site.
Sophisticated ad malware can be written to detect a sandbox testing environment, preventing the delivery of a malicious payload until it is on a live site. As malvertising continues to evolve, this kickstarted a new generation of prevention solutions to thwart bad actors - behavioral analysis.
Rather than taking a reactive approach to malvertising prevention, cleanAD's malvertising solution analyzes the behavior of the ad to determine if it exhibits characteristics of malicious ads.
Result: This makes malvertising unprofitable for the bad actor. When that happens, not only will your visitors be protected when they visit the site, bad actors are discouraged from targeting your website.
Get Started With cleanAD
Whether your site or app is actively being attacked by malicious code from bad ads or you want to have a solution in place for preventative measures, cleanAD's exceptionally easy-to-implement cybersecurity platform is available to protect publisher digital advertising revenue and visitor user experiences.
Using behavioral analysis, cleanAD minimizes the impact and profitability of malicious ads and yields fewer false positives and false negatives, so you can make the most of your ad monetization.