What Is Malvertising and How Do You Avoid It?
Smartphones and personal computers have enhanced our lives in so many ways that it can be hard to even imagine a world without them. The internet is an awesome place with endless opportunities and possibilities, but it’s also home to some seedy characters that can expose us to certain risks, like malvertising.
Malvertising, which is short for malicious advertising, attacks and compromises systems by spreading advertisements injected with malicious code. Legitimate advertising networks can then display these malicious advertisements without even knowing they’re infected.
In this article, we’ll take a closer look at what malvertising is and what you can do to secure your data and keep your information safe online. We’ll also provide some examples so you can fully understand how malvertising might be used.
Having a thorough understanding of malvertising is the first step toward keeping the internet a safe place for you and your family.
How does malvertising affect you online?
Since malvertising disguises malicious code inside legitimate online advertising, ad networks may find it hard to stop malvertising from appearing as legitimate ads.
Viewing malvertisements can put your personal information at risk, such as your identification information, contact details, and financial data. It can also alter or delete your information, hijack your computer functions, spy on your computer activities, and steal your data. And this all can happen without your knowledge.
The type of risk, though, depends on the programs that the malvertising successfully downloads onto your device. These programs can include:
- Malware: This includes any malicious program that can harm your device or steal your information.
- Ransomware: Ransomware is exactly what it sounds like. It encrypts your files or locks your devices and requires you to pay a ransom to use them again. Cybercriminals generally require the ransom to be in cryptocurrency because it is untraceable.
- Spyware: This is a type of malware that spies on your online activities without your knowledge. Spyware puts your device’s security at risk and violates your privacy.
- Adware: Adware is short for advertising-supported software and hides on your device while serving you pop-up ads. This can slow down your device and install spyware or viruses on it.
- Viruses: A virus is a computer program that replicates itself onto computer programs and is designed to steal data or damage the device.
Examples of malvertising
Cybercriminals use various methods to inject infected code into online ads. Below are some examples of the types of malvertising that can pose a risk to your cybersecurity and exploit vulnerabilities on your devices.
- Ad creative containing malware: Text or banner ads can contain embedded malware. The infected ads — even if they’re display ads that aren’t clicked on — can put all of the devices that displayed the ad at risk for scams or malicious software.
- Ad calls containing malicious code: A cybercriminal can add infected code to an ad payload and infect any devices that display the ad.
- Video containing malware: Video players are vulnerable to malware since they don’t have any protection against it. Videos can display malicious links and, consequently, infect your device.
- Compromised URLs: Whenever a user clicks on an ad, it directs them between several URLs that eventually lead them to a landing page. If any of these URLs get infected with malicious code, the user’s computer can be at risk of a cyberattack.
- Landing page with a malware-infected element: Legitimate websites can also contain elements infected with malware. When you click on an ad and get directed to a legitimate landing page, your device can still be infected by a malicious element on the page.
- Pixel containing malware: Cybercriminals can intercept the delivery path of a pixel and send malicious code to your browser.
- Flash video containing malware: Flash files can load a pre-roll banner injected with malicious code. This can infect your device once it gets exposed to it without you having to click on the video.
Even highly reputable and popular websites, such as The New York Times, the BBC, Spotify, and AOL, have been targeted in the past by malicious ads, putting billions of visitors at risk. Any website can become a target.
What’s the difference between malvertising and adware?
Malvertising is often confused with ad malware. Both are forms of malware and involve infected advertisements, but they’re fundamentally different.
Malvertising uses malicious code that can cause harm to anyone viewing the infected advertisement, while adware is used to target individuals by forcing ads onto their devices to generate clicks. Users can get bombarded with pop-up ads, which can affect their devices. Adware also collects browsing information to sell to advertisers. This is often referred to as browser hijacking.
How to avoid malvertising as a web user
Taking the necessary steps to protect your online activities and personal identifying information can help shield you from malvertising attacks. Massive volumes of online ads are displayed every day, so it’s never been more important to safeguard yourself against any shady activity on the internet.
Taking a few steps can help you avoid malvertising and minimize your risk of identity theft.
- Take advantage of identity protection software like McAfee. We can help you stay protected against cybercrime with identity monitoring and identity restoration services (in the event of identity theft).
- Always ensure that your ad blocker and antivirus software are up to date. These can help reduce the risk of malvertising. Keep in mind that outdated software becomes less effective with time.
- Don’t use Java or Flash. The Flash player is vulnerable to cyberthreats since it’s an outdated plugin. Java is another plugin that allows software to be executed within your browser and carries a high risk of being abused to circumvent security measures on your device. You can disable the plugins or uninstall them entirely.
Keep your information secure online with McAfee
With so much sensitive information being shared online, it’s never been more important to take the necessary steps to help keep your data and privacy safe.
McAfee Total Protection services can help increase cybersecurity on your devices and keep your identity private from hackers. We offer all-in-one protection so you can get the peace of mind you deserve while enjoying the internet.
All products include identity monitoring, automated privacy using a virtual private network (VPN), a password manager, a firewall, and much more. We also offer identity restoration assistance and up to $1 million in identity theft coverage to help relieve the burden of data breaches.
Get comprehensive identity protection from McAfee and get back to surfing the internet with confidence.