Malvertising, a word that blends malware with advertising, refers to a technique cybercriminals use to target people covertly. Typically, they buy ad space on trustworthy websites, and although their ads appear legitimate, they have malicious code hidden inside them. Bad ads can redirect users to malicious websites or install malware on their computers or mobile devices.
Some of the world’s most popular websites, including those of the New York Times, Spotify and the London Stock Exchange have inadvertently displayed malicious ads, putting their users in jeopardy. What’s worrying is that people can get infected even if they don’t click on the images: Often it’s enough if they just load. This method is called “drive-by download,” because all a victim has to do is “drive by” a web page.
Cyber criminals use malvertising to deploy various forms of money-making malware, including ransomware, cryptomining scripts or banking Trojans. Some schemes install scripts that execute click-fraud operations in the background. For attackers, this endeavor can be very profitable. “Today, malvertising groups are highly organized businesses,” says Jerome Dangu, co-founder and CTO of Confiant, a company that develops solutions against bad ads.
Malvertising is sometimes confused with adware. Malvertising refers to malicious code initially included in ads, which affects users who load an infected website. Adware is a program that runs on a user’s computer. It’s often installed hidden inside a package that also contains legitimate software, or lands on the machine without the knowledge of the user.