What is malvertising? Cybercriminals exploiting search ads to spread malware

As internet users increasingly rely on search engines for everyday needs, cybercriminals are finding new ways to exploit this dependency.

One of the most concerning trends is the rise of malvertising, a malicious tactic where attackers hide malware within online advertisements, including those displayed in search results.

This sophisticated method not only targets individuals but also corporations, putting both personal data and business systems at risk.

In recent years, malvertising incidents have surged, with threat actors refining their tactics to make malicious ads almost indistinguishable from legitimate ones.

Despite efforts by search engines to crack down on these schemes, cybercriminals continue to find ways to outmaneuver security measures, leading to significant challenges in online safety.

How does malvertising work?

Malvertising is the practice of embedding malware into online advertisements, which are often displayed on popular search engines like Google and Bing.

These ads may imitate legitimate brands or services, tricking users into clicking on malicious links.

Once clicked, users may unknowingly download malware onto their devices, leading to compromised data, stolen credentials, or even full system control by attackers.

For example, in one notable case, a malicious ad posed as a VPN service, tricking users into downloading a remote access trojan (RAT).

This type of malware gave attackers control over browser sessions, enabling them to steal sensitive information such as login details and personal data.

Other cases have involved hackers impersonating popular software like Blender, Audacity, and GIMP to lure victims.

The most troubling aspect of malvertising is its stealth.

Unlike traditional phishing attacks, which may rely on suspicious emails or obvious scams, malvertising can appear in regular search engine results, making it difficult for even vigilant users to detect.

This allows cybercriminals to bypass typical security measures, spreading malware through seemingly legitimate channels.

Why malvertising is increasing

According to cybersecurity experts, the rise in malvertising is largely due to the growing sophistication of cybercriminals.

A recent report by Malwarebytes revealed a 42% increase in malvertising incidents in the US alone, with many attacks targeting popular brands for either phishing or malware delivery.

Jérôme Segura, senior director of research at Malwarebytes, warns that this increase is just the “tip of the iceberg,” as cybercriminals continue to improve their tactics.

One of the key drivers behind this increase is the ease with which attackers can purchase ad space on major platforms.

Without the need for complex SEO tricks, cybercriminals can simply pay for ads that appear at the top of search results.

In many cases, these malicious ads are indistinguishable from legitimate ones, making it difficult for users to identify them.

Furthermore, even trusted websites are not immune. Erich Kron, a security awareness advocate for KnowBe4, points out that malicious ads can infect users simply by visiting a compromised website, even without clicking on the ad itself.

Corporate targets and real-world examples

While individuals are often the primary targets of malvertising, corporations are not immune.

In one incident, employees of Lowe’s were tricked into visiting a phishing page masquerading as the company’s employee portal.

Similarly, a fake ad for Slack, owned by Salesforce, redirected users to a legitimate pricing page before attempting to deliver malware disguised as the official app.

These incidents highlight the dangers malvertising poses to businesses.

Corporate networks, once infiltrated, can suffer from significant data breaches, financial losses, and reputational damage.

As such, companies must remain vigilant, ensuring their employees are educated on the risks of clicking on sponsored ads or visiting unfamiliar websites.

Why Google and Bing are not to blame

Although many malvertising incidents occur on popular search engines, experts emphasize that the fault does not lie with platforms like Google or Bing.

Stuart Madnick, a professor of information technology at MIT Sloan School of Management, notes that while search engines take measures to block malicious ads, the sheer volume of online advertising makes it impossible to guarantee complete safety.

“You see something appearing on a Google search, you kind of assume it is something valid,” Madnick was quoted as saying by CNBC, explaining that users often place too much trust in search engine results.

However, the responsibility for online safety also falls on consumers. By being cautious and aware of the risks, users can significantly reduce their chances of falling victim to malvertising.

How to protect yourself from malvertising

To guard against malvertising, both individuals and businesses can take several steps:

• Avoid clicking on sponsored ads in search engine results. The first organic link below the sponsored one is often a safer option.
• Check URLs carefully before clicking. Subtle misspellings or unfamiliar domains can indicate a malicious site.
• Use an ad blocker to prevent malicious ads from appearing altogether. Tools like uBlock Origin are effective at filtering out suspicious content.
• Keep browsers and software up to date. Many malvertising attacks rely on exploiting outdated software vulnerabilities, so regular updates are crucial.
• Install anti-malware software to add an extra layer of protection against potential threats.
• Report suspicious ads to search engines for investigation and removal.

By staying vigilant and following these protective measures, users can reduce the risk of falling prey to cybercriminals’ increasingly sophisticated malvertising schemes.

As the threat of malvertising continues to grow, it’s more important than ever for users to remain cautious while navigating the online world.

Whether it’s through search engines, legitimate websites, or corporate networks, malicious ads are becoming harder to identify, putting both individuals and organizations at risk.

By staying informed and taking proactive measures, users can protect themselves from this evolving cyber threat.