What is Malvertising?

by | Sep 13, 2024 | News, Security

Malvertising is appearing more frequently on search engines.

More people are starting to experience frustration with search engines, partly due to occasional inaccuracies in AI-driven overlays and an excess of advertisements.

Another emerging concern is “malvertising” or malicious advertising, which, according to CNBC, saw a 42% month-over-month increase last fall.

What exactly is malvertising?

Malvertising occurs when cybercriminals use ads to conduct phishing attacks or install malware. These ads resemble legitimate ones, showing up during searches or while reading online content, often mimicking well-known brands such as Amazon.

Jérôme Segura, Malwarebytes’ senior director of research, stated that these attacks do not only target consumers but also corporate employees. In one case, employees were deceived into clicking a link to a phishing page disguised with a minor spelling error.

Malvertising differs from adware, which merely displays unwanted advertisements, including annoying pop-ups, on your device.

Why has it become prevalent now?

Search engines are heavily trusted and frequently used, making them prime targets for cyber criminals seeking victims. Furthermore, Malwarebytes reports that hackers lost a popular method when Microsoft started blocking embedded Office macros, which previously enabled malware programs to be secretly downloaded with files.

How can you protect yourself?

Avoiding malicious ads can be challenging due to the high volume and constant changes across websites. Services such as Kinetics KARE are effective as they keep your software and browsers updated, and deploy EDR tools and ad blockers.

Additionally, refraining from clicking “sponsored ads” can offer obvious protection, as these ads are often irrelevant to search queries. If interested in a company, it’s safer to visit their official website directly. If you do click on an advertisement, always verify the URL to ensure it leads to the intended site and is not a cleverly disguised fake.

 

Refer:

https://www.malwarebytes.com/blog/news/2024/02/malvertising-this-cyberthreat-isnt-on-the-dark-web-its-on-google