Malvertising – Advertising masked with Malware

Malvertising – Advertising masked with Malware

The world of technology has gone rogue these days as cybercrime is rising alarmingly and is populating the hacker’s market worldwide. Hackers are nowadays using the ads as a means of hacking the cyber world and penetrating the binary world, knowing each and everyone’s details like the back of their hand. Not only that the future of ads is more devastating. I will share with you the inside out of what is happening and what will happen next if the ads are maliciously crafted for cybercrime.

Malvertising (merging two different words, Malicious + Advertising), can be defined as a malicious figure of Internet advertising where malware gets spread through ads. According to a research report, 72% of mobile malware has the source adware. The remaining 28% consisted of banking trojans, ad-driven ransomware, fake apps, crypto-lockers, and auto-downloaders. It is typically performed and executed by concealing a malicious code embedded within comparatively safe (as per general human’s knowledge and understanding) online advertisements. These ads usually drag the victim’s system to untrustworthy content or unswervingly infect the target victim’s system with malware when he or she clicks the ad or start viewing the ads. In the background, these ads will let the malware download or use that code to damage the system or even the entire network and might also make their hands dirty by taking access to sensitive information or even possesses the power to control the system remotely.

Malware-binded ads are popularly found on torrent-based sites, porn sites, free downloading of movies and music sites, Facebook, and other social networking sites such as Instagram which acts like normal Google ads or other casual ads but contain contaminated code which can cause huge trouble. Malvertising also embraces preinstalled malicious programs and links to malicious sites that are set to launch via payloads at definite dates and times, and if they are clicked may redirect you to other sites that contain the virus.

As per the network security firm ‘Blue Coat Systems Inc.’, malvertising is a very modern method of hijacking computers and systems by the technique of organized crime. Systems that get compromised can be employed for crafting them into a powerful botnet (this is a separate topic of discussion) system that can be implemented for carrying out identity theft, business espionage as well as other illegal acts, and dark services. Malvertisements are sophisticatedly put on a popular or service-based website in one of these two possible ways:

  • Legitimate advertisements: In this case, at first, the criminal will consign a sequence of malware-free ads on any trusted site and page which runs various 3rd party ads, and then the hacker leaves those pages unattended for some months to gain search optimization and an excellent reputation for the site or page through which the hacking will be done. Then, after few months of hibernation, the cybercriminal will instill a malicious code or payload into that / those ads, and when anyone will open those sites and the ads will run or get clicked, it will infect as many computers as possible in a small time-span before eradicating the malicious cipher or discontinuing the ad from that page or site.
  • Pop-up ads: A pop-up ad that helps hackers to deliver a malicious code in the background as soon as the ad becomes visible on the target system’s screen. Scareware, which is a malicious camouflaged program delivered with freeware anti-virus application or other cracked or non-licensed software, is habitually delivered via pop-up ads to all those users who use other freeware. In some other cases, these pop-up malware ads get triggered as soon as the close button is pressed within the freeware.

How to involve in combat with this partner of crime?
Since this way of cybercrime is very tricky and non-detectable in every possible way, it is unfortunately very difficult for users and the general public to detect at once these mal-ads. The best approaches to protect oneself from these are not to use freeware or other cracked programs from unknown sites. Also, ensure that all the ad utilization programs and applications as well as extensions and add-ons (like Flash or Java) are up to date and are not older updates/versions.

The Future of Malvertising
The future of malvertising will be denser in capabilities as the hackers will put more competence through code through which with just a single click on those ads, hackers will be able to set on a disability command for all antivirus and anti-malware on the target systems. Privacy breaching will also happen through these malvertising as the taste-pattern of the user will be captured in an intelligent way through the malicious code running at the back. Also, it might throw some JavaScript or other scripting code (attached like a digital-parasite) that can steal your browsing data by sticking somewhere within your browser. Taking control over your system may also let hackers create an entire botnet system and do a series of cybercrimes under your IP address. So, it is necessary to protect the future of the digital world smartly, and hence, it is requested to close the browser window when you are not using it. Stay Safe!


This amazing blog has been written by Gaurav Kumar Roy, who is a cybersecurity researcher, Sr. Tech Writer & International instructor & mentor. He is an India Book of Records Holder 2020 for maximum e-learning courses & materials published on various e-learning platforms.

Add Comment

Your email address will not be published. Required fields are marked *