Malvertising is a malicious cyber tactic that attempts to distribute malware through online advertisements. Online advertising is a vital source of income to many websites and internet properties. With demand higher than ever, online networks have become expansive and complex in order to effectively reach large online audiences. A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims.
How Malvertising Works
There are multiple strategies a “malvertiser” might employ, but the end goal is almost always to get the user to download malware or to direct the user to a malicious server. The common strategy for malvertisers is to submit their malicious ads to third-party online ad vendors. If the vendor approves the ad and the malvertiser wins their bid, the seemingly innocent ad will get served through any number of sites the vendor is working with. Online vendors are aware of malvertising and are actively working to prevent it, but it can be difficult to catch. It’s important to only work with trusted, reputable vendors for any online ad services.
Examples of Malvertising
One of the things that makes malvertising so difficult to spot is that it is often distributed by the ad networks we are most likely to trust. In recent years, companies like Spotify and Forbes have both suffered as a result of distributing malvertising campaigns that infected their users and visitors with malware.
Here are some of the most recent examples:
RoughTed was a malvertising campaign first reported in 2017. It was particularly noteworthy as it was able to bypass ad-blockers. It was also able to evade many anti-virus protection programs by dynamically creating new URLs. This made it more difficult to track and deny access to the malicious domains it was using to propagate itself.
KS Clean consists of malicious adware contained or hidden within a legitimate mobile app. It targeted victims through malvertising ads that would download malware the moment a user clicked on an ad. The download would happen silently in the background and the first a user would know about it would be an alert appearing on their phone saying they had a security issue. The alert asks the user to immediately upgrade the app to solve the problem. The moment the user clicks on 'OK', the installation finishes and the malware is given administrative privileges. These privileges then permit unlimited pop-up ads to appear on the user's phone. This particular variant was very difficult to disable or uninstall.
How to Prevent Malvertising
While malvertising prevention should be a big priority for advertising channels, organizations should also take a strong stance to protect against any instances that might slip through the net. Network traffic analysis at the firewall level can help to identify suspicious activity before malware has a chance to complete its assigned task. In particular, firewall rules should be created to monitor redirects, iframes and other potentially malicious code that could introduce malware into the organization.
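To illustrate the kind of check described above, here is an added example (not from the original article or any vendor product) that audits ad-slot markup for hidden iframes and meta-refresh redirects to hosts outside an allow-list. The sample markup, the allowed host `ads.example.net`, and the names `AdMarkupAuditor` and `audit_ad_markup` are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample of an ad-slot response body (not real traffic).
SAMPLE_AD_HTML = """
<iframe src="https://cdn.unknown-host.example/land" width="0" height="0"></iframe>
<iframe src="https://ads.example.net/frame" width="300" height="250"></iframe>
<iframe src="https://tracker.other.example/x" style="display:none"></iframe>
<meta http-equiv="refresh" content="0; url=https://redirect.other.example/go">
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class AdMarkupAuditor(HTMLParser):
    """Collects iframes and meta-refresh redirects worth a reviewer's attention."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}  # assumed vendor allow-list
        self.findings = []  # (kind, url) tuples in document order

    def _external(self, url):
        host = (urlparse(url).hostname or "").lower()
        return host != "" and host not in self.allowed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            # 0x0 / 1x1 frames and CSS-hidden frames are invisible to the user.
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
            if hidden:
                self.findings.append(("hidden-iframe", src))
            elif self._external(src):
                self.findings.append(("external-iframe", src))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m and self._external(m.group(1)):
                self.findings.append(("meta-refresh-redirect", m.group(1)))

def audit_ad_markup(html, allowed_hosts):
    auditor = AdMarkupAuditor(allowed_hosts)
    auditor.feed(html)
    return auditor.findings

if __name__ == "__main__":
    for kind, url in audit_ad_markup(SAMPLE_AD_HTML, {"ads.example.net"}):
        print(kind, url)
```

This only inspects static markup; redirects and frames created by script at runtime still need the traffic-level monitoring the paragraph describes.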
Other general tips for preventing malvertising attacks include:
- A proactive company culture that is aware of cyber threats and the latest best practices for preventing them. Ongoing employee training is encouraged.
- Actively update all systems and machines to ensure you have the latest patches and safest version of your technologies
- As previously stated, only work with trusted, reputable online advertising vendors
- Online ad-blockers will help prevent malicious pop-up ads from initiating a malware download