The next time you’re tempted to click on an online ad, think again. That innocent-looking ad for a reduced-price Spring Break vacation might actually be part of a sophisticated malvertising attack. This type of ad fraud is becoming more prevalent on the Internet as cyber criminals come up with new ways to deliver malicious payloads via online ads. The latest technique, highlighted by researchers at Devcon, involves polyglot images: files crafted so that the same bytes are simultaneously a valid image and valid script, which lets them pass the image checks of an ad network and still be executed as code later. Polyglot images are now being used by advanced criminal groups and are starting to show up all over the ad fraud space.
How the malvertising ad fraud scheme works
The growing sophistication of malvertising ad fraud
This polyglot attack is considerably more sophisticated than the malvertising seen to date. White hat hackers can reverse engineer it, but it is still very difficult to spot in the wild unless you know how the attack works. A far more common malvertising technique is steganography: payload bytes are written into the pixel data of an otherwise ordinary image, and a separate loader script on the page reads the pixels back and reassembles the code. Depending on how many pixels are altered, this can visibly degrade the picture, which might be a tip-off for savvy web users. A grainy or blurry ad can be a subtle clue that it is carrying a hidden payload, although aggressive compression produces the same look, so it is a weak signal at best. A polyglot hides nothing in the pixels; the file itself parses as both an image and a script, so there is no visual clue at all.
The polyglot attacks spotted in the wild are even worse than originally assumed: once the payload is extracted and the malvertising script runs, it redirects the browser to a new page, where your computer can be attacked again. Once that page or pop-up opens, it can launch a cryptomining attack or deliver a remote access Trojan (malware that gives the attacker remote control of your computer, typically lying dormant until the operator chooses to use it). As Devcon noted, “This attack has many layers and new techniques to attempt to hide its true nature.”
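The contrast above (pixels untouched in a polyglot, payload appended or interleaved with valid image structure) suggests a concrete defensive check an ad-ops or security team can run on creatives before they are served. The following is an added example written for this page, not Devcon’s tooling and not the attack code it describes. It walks the container structure of PNG and BMP files (exactly, from the PNG chunk chain and the BMP size field), reports any bytes that sit after the logical end of the image, and scans the whole file for a small, assumed list of script-like tokens that genuine pixel data almost never contains. GIF and JPEG are only token-scanned here; CRCs are not verified; the sample inputs are constructed for the example.

```python
"""Screen ad-creative image files for polyglot / appended-payload indicators.

Added example for illustration; the token list and thresholds are assumptions,
not a vetted signature set, and a clean result is not proof of a clean file.
"""
import struct
import zlib

# Substrings common in loader scripts but rare in compressed pixel data (assumed list).
SCRIPT_TOKENS = (b"eval(", b"String.fromCharCode", b"document.", b"<script",
                 b"function(", b"atob(", b"unescape(", b".charCodeAt(")

MAGIC = ((b"\x89PNG\r\n\x1a\n", "png"), (b"GIF87a", "gif"), (b"GIF89a", "gif"),
         (b"\xff\xd8\xff", "jpeg"), (b"BM", "bmp"))


def detect_format(data: bytes):
    """Return the container name implied by the file's magic bytes, or None."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return None


def png_logical_end(data: bytes):
    """Walk PNG chunks (4-byte length, 4-byte type, data, 4-byte CRC) and return
    the offset just past IEND's CRC, or None if the chain runs off the file."""
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4
        if pos > len(data):
            return None
        if ctype == b"IEND":
            return pos
    return None


def bmp_logical_end(data: bytes):
    """BMP stores the total file size at offset 2 as a little-endian uint32."""
    if len(data) < 14:
        return None
    size = struct.unpack("<I", data[2:6])[0]
    return size if 14 <= size <= len(data) else None


def screen_image(data: bytes) -> dict:
    """Return format, trailing byte count (PNG/BMP only), token hits and findings."""
    fmt = detect_format(data)
    findings, trailing = [], None
    if fmt is None:
        findings.append("no recognised image magic")
    elif fmt in ("png", "bmp"):
        end = png_logical_end(data) if fmt == "png" else bmp_logical_end(data)
        if end is None:
            findings.append(f"{fmt} magic present but container structure does not parse")
        else:
            trailing = len(data) - end
            if trailing:
                findings.append(f"{trailing} bytes appended after logical end of {fmt}")
    hits = [t.decode() for t in SCRIPT_TOKENS if t in data]
    if hits:
        findings.append("script-like tokens: " + ", ".join(hits))
    return {"format": fmt, "trailing_bytes": trailing, "tokens": hits,
            "findings": findings, "suspicious": bool(findings)}


def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed sample: a valid 1x1 RGB PNG (width, height, depth, colour type, ...).
_IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
_IDAT = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
CLEAN_PNG = (b"\x89PNG\r\n\x1a\n" + _png_chunk(b"IHDR", _IHDR)
             + _png_chunk(b"IDAT", _IDAT) + _png_chunk(b"IEND", b""))

# Constructed sample: same image with a harmless toy script appended after IEND.
APPENDED = b"\n// constructed toy payload\nvar s=String.fromCharCode(104,105);eval(s);\n"
PNG_WITH_TRAILER = CLEAN_PNG + APPENDED

# Constructed sample: a script whose first two bytes happen to be BMP magic, so a
# content sniffer calls it an image although the BMP size field is nonsense.
FAKE_BMP = b"BM=1;function(){document.location='http://example.invalid/'}"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("trailer", PNG_WITH_TRAILER), ("fake_bmp", FAKE_BMP)):
        print(name, screen_image(blob))
```

Treat the output as a triage signal: a file with bytes after IEND, or an image header whose structure does not parse, should be pulled from rotation and examined by hand, and the token scan is only there to prioritise that queue.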
What’s particularly alarming is how widespread this type of polyglot attack has become in such a short period of time. That has led security researchers to speculate that new distribution methods are being devised to spread it. If the technique were available as an exploit kit for quick download, it would be far easier for cyber criminals to deploy it at massive scale across the Internet. As Devcon told the media, it has already blocked these polyglot attacks “thousands of times” on clients’ sites, many of which belong to online publishers.
The impact of malvertising on traditional online advertising
In a worst-case scenario, this kind of malvertising could spread across the Internet, degrading the experience on every publisher site a user visits. Moreover, if users wake up to the scam and simply stop clicking on any ad, fearful that the next one might be a form of ad fraud, the repercussions for the entire online advertising space could be serious.
Digital ad fraud, then, is a very real concern for all parties involved: web users, online publishers and online advertisers. The more prevalent malvertising attacks become, the more likely it is that ad networks, ad tech companies and national advertisers will suffer. Malvertising can be lurking on any site a user visits, exposing millions of people to malicious redirects and ad fraud at scale.
At one time, the “bad guys” focused only on ads and clicks for classic “click fraud.” Now threat actors also deploy “bad bots,” which raises the stakes considerably. It is now possible to run a malvertising campaign much as you would a traditional online advertising campaign, buying placements through the same networks and targeting the same audiences.
A new crackdown on digital ad fraud
What might be needed is a broader crackdown on malvertising attacks, including all forms of malvertising ad fraud. The ad fraud space is getting increasingly crowded, and the thinking now is that many mainstream hackers are getting involved, having seen how easy it is to generate quick profits from unsuspecting web users. At some point it may no longer be enough to rely on white hat hackers; a more vigorous response from regulatory authorities may be needed to keep cyber criminals from using the ad fraud space to exploit users.