Malvertising: advertising like a two-faced Janus

Security Awareness
2 August 2023

Driving the economy but also crime

“I’m at home sitting in front of the TV when the phone rings and a voice on the other end says, ‘How would you like to be this year’s vodka man?’ I reply: ‘No, I’m an artist, and I don’t advertise, I don’t pander, I don’t drink vodka, and if I did, I wouldn’t drink yours!’ He says, ‘Too bad we pay $5 million…’; and I say, ‘Hold on please, I’ll put you through to Mr Allen…’”

This hilarious quote by Woody Allen lays bare the power that advertising holds over everyone, even those who like to think of themselves as incorruptible, both among those who suffer from advertising and among those who profit from it.

So it is not far wrong to say that advertising is the power and driving force in the world today, or at least of the world in which most of humanity lives.

Its purpose is to influence knowledge, evaluations, attitudes, thoughts and behaviour, mainly in business but also in social and political spheres. To achieve this, it adopts all kinds of language, uses all kinds of tools and navigates through any medium, especially the web.

It is therefore difficult to think that cybercriminals, who are increasingly capable of sneaking into the folds of communication, will miss the opportunity to take advantage of the advertising tool.


And so, for several years now, there has been a widespread type of attack called malvertising, a term derived from the fusion of malware with advertising, which follows a very simple and effective structure:

  • The hacker buys advertising space (often banners);
  • they create an advertisement in which they embed malicious code;
  • they post the advertisement on legitimate sites as well;
  • they wait to enjoy the fruits of their labour.

This technique, therefore, aims to exploit people’s daily web surfing activities by embedding malware in seemingly innocent online advertisements. So, all it takes is one wrong click for criminals to discover and steal valuable data.

Not just risky websites

One of the factors that makes it so dangerous is that it can appear almost anywhere. The vast majority of publishers use third-party advertising networks on their websites, providing easy targeting and a wealth of opportunity for hackers. This means that almost any website that carries advertising can potentially be infected with advertising malware, including those trusted sites that many people visit on a daily basis.

This is also because there are a number of methods to perform malware attacks through online advertising that do not require the user to interact directly with an infected advertisement.

For example, a user may see a banner advertisement promoting a special offer that, when clicked on, directs them to a legitimate-looking site that states that the product on sale is actually out of stock. At that point, the visitor will leave the site, but will already have been infected. Other techniques include hiding malware inside the pixels of banner advertisements or in videos.

Another form of attack is the so-called “drive-by download”, which preys on vulnerabilities within the browser itself to infect a system when the advertisement is displayed, even if a user does not interact with it directly.

These techniques have been used in malvertising attacks that have appeared on some of the world’s most visited and most high-profile websites, including the New York Times, the BBC and Forbes, among others.

And this is exactly where the danger of this type of technique lies. In fact, many people think that in order to avoid becoming a victim of malware, it is enough to stay away from risky web content. But unfortunately, this is not the case.

In fact, third-party advertisers such as Google Ads, on which this type of campaign is steadily increasing, are often targeted.

This is why security experts say that great care must be taken when clicking on advertisements at the top of the search engine’s home page. It also appears that hackers are using a combination of advertisement hijacking and SEO poisoning, through which criminals change the search engine optimisation of their advertisements to push them to the top of Google’s search page.

When users click on a fake link, the hackers are able to infect the victim’s device with their malware. Furthermore, with increasingly sophisticated software often offered for sale as malware-as-a-service at relatively low prices, even unskilled hackers can steal valuable credentials and sell them on dark web markets.

Likewise, some cybercriminals target sites that rent space directly to advertisers, which may often be smaller publishers with weaker safeguards, for the use of banner advertisements or pop-ups.

The risk on mobile devices

While many malvertising attacks capitalise on vulnerabilities within the desktop versions of popular web browsers, mobile malvertising is increasingly popular as people’s surfing habits have largely changed. This can be particularly dangerous for a number of reasons.

First of all, with smaller touchscreens, it is easy for users to make the wrong movements and accidentally click on advertisements. Also, advertisement blockers are less common on mobile devices, so more users are likely to view infected advertisements, increasing the chances of infection.

Finally, antivirus protection is used less frequently on mobile devices, particularly on personal devices that may also be used to connect to corporate networks.

What can I do to protect my data from a ransomware attack?

At this point, the question naturally arises: how can one defend oneself against this?

First of all, bear in mind that in this day and age it is advisable not to trust those who make us offers that are too good to be true. It is also important never to lose focus and awareness of what you are doing online, and never to act in haste or when distracted. Cybercriminals craftily slip through the cracks of distraction and unawareness, and those cracks must, with equal slyness, be kept tightly closed.

Here are some of the main recommendations to prevent the threat of malvertising:

  • Software Updates: always keep your operating system, web browsers, and all plugins up to date. Many forms of malvertising exploit known vulnerabilities in outdated software.
  • Extensions and Plugins: install browser extensions that block advertising and trackers, such as AdBlock Plus or uBlock Origin.
  • Anti-Malware Software (generically called AntiVirus): use reliable anti-malware software and keep it up to date. Regularly carry out full system scans.
  • Safe web browsing: avoid visiting suspicious websites or downloading files from untrusted sources.
  • Disable auto-run: set your browser so that it does not automatically execute scripts or multimedia content unless you have expressly authorised it to do so.
  • HTTPS: always give preference to sites using HTTPS over those using HTTP, as they offer a more secure connection.
