Malvertising Is Once Again on the Rise Leading to Malware Infections

Hackers hijacking real advertisements to attack unsuspecting users.

The Rise (again) of Malicious Advertisements

In the constantly evolving landscape of cybersecurity threats, malicious advertisements (also known as “malvertising”) have emerged as a significant challenge. A recent report by Sophos highlights the alarming trend of cybercriminals using paid advertisements to direct users to malicious websites, resulting in the spread of malware infections like IcedID and Gozi.

Understanding Malvertising

Malvertising, a blend of “malicious” and “advertising,” is not a novel concept but has gained momentum recently. The technique involves cybercriminals buying ads so that their malicious sites appear prominently in search results, targeting individuals seeking to download popular software applications. It evolved from traditional SEO poisoning, in which attackers manipulate search engine algorithms to rank their malicious sites higher.

Recent Trends and Targets

Recent malvertising campaigns have shifted focus to AI-related tools like Midjourney and ChatGPT, expanding beyond common targets like Capcut, Blender 3D, VirtualBox, and others. This strategic shift indicates the adaptability of cybercriminals to emerging technologies and user trends.

Increased Incidence in 2023

Early 2023 witnessed a significant spike in malvertising, with threat actors leveraging it to distribute information-stealing malware like Rhadamanthys and IcedID. This rise can partly be attributed to changes in malware distribution methods, spurred by Microsoft’s decision to block macros from untrusted sources, which prompted threat actors to explore alternative avenues like malvertising.

The Role of Criminal Marketplaces

The underground economy has contributed to the proliferation of malvertising. Criminal forums and marketplaces offer services and tools for SEO poisoning and malvertising, making these tactics more accessible and affordable for a wider range of cybercriminals.

The Malvertising Infection Chain

The typical malvertising infection chain in late 2022 and early 2023 involved several steps:

  1. The user searches for software, encountering a malicious ad.
  2. This ad leads to a website controlled by the attacker.
  3. The user is persuaded to download an installer that contains both legitimate software and a malicious payload.
  4. The payload then collects information and sends it back to the attacker.
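The chain above leaves a footprint in web-proxy logs before the payload ever runs: an installer fetched from a host that merely resembles a software brand, reached from a search-ad click-through. The following detection script is an added example written for this article, not code from Sophos or CyberHoot. The log layout, the referrer pattern for ad clicks, the brand list and the official-domain list are all assumptions, and the log lines are constructed samples.

```python
"""Flag likely malvertising downloads in web-proxy logs (added example).

A request is reported when the host is a lookalike of a known software brand
and at least one further signal is present: an installer file extension or a
referrer that looks like a search-engine ad click-through.
"""
import re
from urllib.parse import urlparse

# Assumed registrable domains each vendor really publishes from; in practice
# keep this list in configuration, sourced from the vendor's own documentation.
OFFICIAL_DOMAINS = {
    "blender": ("blender.org",),
    "virtualbox": ("virtualbox.org",),
    "capcut": ("capcut.com",),
    "chatgpt": ("openai.com",),
    "midjourney": ("midjourney.com",),
}

INSTALLER_EXT = (".exe", ".msi", ".zip", ".iso", ".dmg")

# Assumed shape of a search-engine ad click-through referrer.
AD_REFERRER = re.compile(r"^https?://(www\.)?(google|bing)\.[a-z.]+/aclk", re.I)

# Assumed proxy log layout: timestamp client method url status "referrer"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<referrer>[^"]*)"\s*$'
)


def on_official_domain(host, domains):
    """True for the vendor domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def brand_lookalike(host):
    """Return the brand a host imitates, or None if the vendor owns the host.

    Hyphens and dots are stripped so 'virtual-box.example' still matches,
    while 'download.blender.org' is recognised as the real vendor.
    """
    host = host.lower()
    compact = host.replace("-", "").replace(".", "")
    for brand, domains in OFFICIAL_DOMAINS.items():
        if brand in compact and not on_official_domain(host, domains):
            return brand
    return None


def is_installer(url):
    return urlparse(url).path.lower().endswith(INSTALLER_EXT)


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def reasons_for(entry):
    """Collect the signals for one request; the lookalike signal comes first."""
    reasons = []
    host = urlparse(entry["url"]).hostname or ""
    brand = brand_lookalike(host)
    if brand:
        reasons.append(f"lookalike of {brand}: {host}")
    if is_installer(entry["url"]):
        reasons.append("installer download")
    if AD_REFERRER.match(entry["referrer"]):
        reasons.append("arrived via search-ad click")
    return reasons


def find_suspicious(lines):
    """Return (client, url, reasons) for successful requests to a lookalike
    host that also show at least one further malvertising signal."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if not entry or entry["status"] != "200":
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= 2 and reasons[0].startswith("lookalike"):
            alerts.append((entry["client"], entry["url"], reasons))
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2023-03-02T10:14:03Z 10.0.0.12 GET https://blender-3d-downloads.example/Blender_Setup.exe 200 "https://www.google.com/aclk?sa=L&ai=abc"',
    '2023-03-02T10:15:44Z 10.0.0.13 GET https://download.blender.org/release/blender-3.4.1-windows-x64.msi 200 "https://www.google.com/aclk?sa=L&ai=def"',
    '2023-03-02T10:16:10Z 10.0.0.14 GET https://virtual-box-pro.example/news.html 200 "https://www.bing.com/aclk?ld=xyz"',
    '2023-03-02T10:17:30Z 10.0.0.15 GET https://cdn.example.net/tools/capcut_installer.exe 200 "https://www.google.com/search?q=capcut"',
]

if __name__ == "__main__":
    for client, url, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{client} -> {url}: {'; '.join(reasons)}")
```

Run against the samples, only the first and third lines are reported: the genuine download from download.blender.org is left alone even though it too arrived from an ad, and the installer from a neutral CDN is not enough on its own. Requiring the lookalike signal keeps the rule from paging on every ad-driven download of legitimate software.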

Preventative Measures for Businesses

To safeguard against such sophisticated attacks, businesses need to implement comprehensive cybersecurity strategies. Key measures include:

  • Regularly Update Software and Systems: Keep all software and operating systems up to date to patch vulnerabilities.
  • Implement Advanced Threat Protection: Use solutions that can detect and block malvertising.
  • Remove Administrative Rights: staff members without administrative rights cannot install software without IT’s permission and support, which limits the potential damage from malvertising schemes.
  • Educate Employees: Conduct regular training sessions on the latest cybersecurity threats and safe browsing practices.
  • Use Reliable Download Sources: Encourage employees to download software from official and verified sources only.
  • Deploy Network Security Solutions: Implement solutions like firewalls and intrusion detection systems to monitor and control web traffic.
  • Regular Backups: Maintain regular backups of critical data to mitigate the impact of any breach.
  • Incident Response Plan: Have a well-defined incident response plan in place for quick action in case of an attack.
  • Cyber Insurance: when a targeted attack breaches your network, encrypts your files, or threatens to expose company secrets to the public Internet, cyber insurance can help you recover quickly and carry on with your mission.
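“Use Reliable Download Sources” can be made a mechanical check rather than a reminder: confirm the installer came from a domain the vendor owns and that its SHA-256 matches the value the vendor publishes. A bundled installer of the kind described in the infection chain, legitimate software with a payload appended, fails the hash check even when the file name and icon look right. The script below is an added example for this article, not CyberHoot’s or any vendor’s code; the trusted-domain list, the file names and the installer bytes are constructed stand-ins.

```python
"""Verify an installer's origin and integrity before it is allowed to run
(added example with constructed inputs)."""
import hashlib
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumed vendor domains; in practice taken from the vendor's own documentation.
TRUSTED_DOMAINS = {"blender.org", "virtualbox.org"}


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so large installers do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def from_trusted_domain(url, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def verify_installer(path, source_url, published_sha256):
    """Return (ok, findings); both checks always run so the report is complete."""
    findings = []
    if not from_trusted_domain(source_url):
        findings.append(f"downloaded from untrusted host: {urlparse(source_url).hostname}")
    actual = sha256_of(path)
    if actual != published_sha256.lower():
        findings.append(f"hash mismatch: got {actual[:16]}..., published {published_sha256[:16]}...")
    return (not findings, findings)


# Constructed stand-ins: a "genuine" installer, and the same bytes with an
# extra payload appended, as a bundled malvertising installer would carry.
GENUINE = b"GENUINE-INSTALLER-BYTES (constructed sample)"
TROJANIZED = GENUINE + b"\n<<appended stealer payload (constructed)>>"
PUBLISHED_HASH = hashlib.sha256(GENUINE).hexdigest()  # what the vendor's page would list


def demo():
    """Run both checks on a genuine and on a bundled installer; returns both results."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "blender-setup.msi"
        good.write_bytes(GENUINE)
        bad = Path(tmp) / "Blender_Setup.exe"
        bad.write_bytes(TROJANIZED)
        return (
            verify_installer(good, "https://download.blender.org/release/blender-setup.msi", PUBLISHED_HASH),
            verify_installer(bad, "https://blender-3d-downloads.example/Blender_Setup.exe", PUBLISHED_HASH),
        )


if __name__ == "__main__":
    for ok, findings in demo():
        print("OK" if ok else "REJECT", findings)
```

The genuine file passes both checks; the bundled one is rejected twice, once for the lookalike host and once because the appended payload changes the digest. Pairing this with the “Remove Administrative Rights” measure means a user cannot simply run the rejected file anyway.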

Conclusions on Malvertising

Malicious advertisements aren’t going away. They play on the trust Internet users have in brands and websites that hackers have infiltrated or compromised. Trusting users download what they believe are legitimate files or applications, leading to critical damage to company devices and networks and potentially exposing company data.

Train your users to be cautious. Install all patches and system updates. Back up your critical data. Limit privileges on systems by removing local administrative rights. Following these precautions can go a long way in protecting your business from the ever-evolving threat landscape we all face online today.


How Do Malicious Ads Appear in Google Search Results?

Watch this 6-minute video to learn how Google Ads can be hijacked by hackers and how Google bans them when found. If this has happened to you, the company behind this video can assist you in fixing the problem so you can once again publish Google Ads for your products and services.


Secure your business with CyberHoot Today!!!