What is malvertising? | Impact & protection against it

Have you ever browsed the web and then all of a sudden, your screen is taken over by a pop-up that won’t go away and is obnoxiously telling you that you’ve “won an Amazon gift card?”

If you answered yes, then you have firsthand experience with malvertising.

Malvertising is a malicious attack that impacts legitimate websites by bad actors purchasing and submitting ads that appear to be normal, but in fact, execute malicious activity when displayed.

The above scenario is one of many forms of malware that can affect your device through an online advertisement on the website you visited. Composed of creative, data, and JavaScript, digital ads have the potential to reach billions of end-users, making them an attractive target for bad actors wanting to deliver malware to unsuspecting web or app visitors.

In addition to adversely impacting publishers’ ad revenue, malvertising disrupts the user experience by prohibiting them from engaging on a site by hijacking the web browser and forcing users to a new page, freezing the page as a whole, or other malicious activity.

A Malvertising attack can take a variety of forms, including forced redirects (just like our pesky Amazon gift card example), crypto-mining, video stuffing, and more. Fraudulent advertisements sneak into our user experiences by mimicking the appearance of familiar advertisements.

These disguises can include pop-up advertisements that try to persuade you to update existing browsers or software programs or offers for free items and services. In addition to pop-up formatting, a malicious ad can be disguised as a paid ad, banner ad, widget, and more.

Often, malicious ads use tactics such as scareware, get-rich-quick, surveys, or tech support scams to entice viewers to click. These tactics could be anything from a false warning that your device is already infected and prompt the installation of a scam anti-virus or VPN solution, or a reminder that foundational software requires updating to continue use.

Malvertising affects everyone. From the technology companies that enable ads to be bought in the ecosystem, the supply-side platforms that help publishers monetize the eyeballs on their sites, the publishers themselves, and ultimately, end-users – no party is unscathed from the disruption caused by malvertising.

Malvertising attacks negatively impact publishers by damaging their reputation and brand. When a forced redirect or click disrupts a customer’s visit to a publisher’s site, and puts them at risk of a malware attack, it taints the visitor’s perception of the publisher and discourages them from revisiting that site.

In addition to causing customer complaints, malvertising impacts the publisher’s revenue stream. Malvertising forces stakeholders to drop focus on revenue-generating initiatives to fight malicious ads and defend their site. During periods of a malvertising attack, publishers can suffer significant losses to time spent on-site from malicious redirects, resulting in an overall loss of traffic.

This impacts their digital advertising KPIs as consumers are auto-redirected to an alternative URL/site, which does not count as a revenue-generating event for the publisher. The drop off in user attention, and eventual loss in loyal customers, at the hands of harmful and unwanted advertising, including mobile ad fraud, directly impacts the bottom line. Malvertising also incurs indirect costs, including litigation, mitigation, and fixing vulnerabilities after the web application deploys.

It should be no surprise that digital advertising is on the rise. According to Forbes, “The U.S. advertising market has seen a marked shift in dynamics over the last decade due to the rise of digital advertising. In terms of component growth, non-digital revenues are expected to decline due to budget shifts towards digital.”

Digital advertising is thriving, and the number of ads encountered on a daily basis will only continue to grow. No matter where you go on the web, digital advertisements will be there to greet you, and with them, the threat of malvertising.

Protecting your ad inventory from malvertising and cybercriminals is essential to protecting digital ad revenue and preserving a website’s user experience. However, the effects of malvertising extend beyond the economic impact of reduced time on the site and lost site visitors or brand credibility.

While the aforementioned reasons in itself are reason to care, malvertising also funds cybercriminals who profit off of your advertisements and then reinvest their earnings in more cybercrime.

User complaints have the potential to damage a publisher’s brand and trust. Furthermore, key distribution partners like social networks may take action against publishers which can lead to additional revenue loss.

Finally, certain monetization partners like Google and other legitimate online advertising networks may flag publishers for malware, even though those same platforms delivered malware to the publisher in the first place. Not only is the visitor’s goal interrupted, but publishers could also lose a customer or follower as a result – potentially trickling into bad online reviews, publicized complaints, or business loss.

With the constant evolution of the digital landscape and growing sophistication of malvertising threats, it can be challenging to prevent, stop, or predict the sources of malicious advertising in the programmatic ad ecosystem.

Static Analysis

When malvertising first surfaced, the first generation of malware prevention solutions utilized static analysis. The most common of these solutions included offline scanning. With this solution, an advertiser registers creative for a new campaign and then an ad quality solution scans the creative in an offline environment to ensure legitimacy.

Result: This was easy for attackers to get around because the offline environment was not representative of real users and is easy to circumvent.

Blocklisting

Blocklisting led to the next generation of malvertising prevention – URL blocklisting. Blocklisting is essentially the compilation of suspicious URLs that bad actors have been using and have been identified as malicious and blocked from reentry.
Unfortunately, sophisticated ad malware can be written to detect a sandbox testing environment, preventing the delivery of a malicious payload until it is on a live site. As malvertising continues to evolve, this kickstarted a new generation of prevention solutions to thwart bad actors – behavioral analysis.

Result: While a widely used solution to this day, blocklisting is only as effective as the list itself. Rather than identifying and preventing malicious code in real-time, blocklisting involves using a sandbox, or an isolated virtual environment, to notice attackers and put them on the blocklist in order to block the next one that tries to get on the site.

Behavioral Analysis

The modern approach to malvertising prevention is behavioral analysis. This describes on-page blocking of malicious ad creative in real time. With the malicious behavior removed, the ad impression is still allowed to fire.

Result: Businesses are protected from new and novel threats that might not be known to a blocklist. Malvertisers still pay for ad impressions, even though they do not get the reward of spreading malware. This makes malvertising unprofitable for the bad actor. When that happens, not only will your visitors be protected when they visit the site, bad actors are discouraged from targeting your website.

HUMAN Malvertising Defense analyzes ad behavior to determine if it exhibits characteristics of malicious ads. By analyzing JavaScript on the page in real-time and looking for specific behaviors that are deemed nefarious, HUMAN’s malvertising solution stops attackers from executing malvertising campaigns. The solution still allows each auction to complete and each ad to render on the page. The result if future-proof protection without sacrificing ad revenue.

How to make malvertisers pay

Anti-malvertising solutions: creative wrapping vs. page-level protection

Video stuffing ads: how they erode ad revenue & protection against them

Auto redirects: what they are, how they work, and how they hurt your ad revenue