Malware in Digital Ads

No one really likes when ads clutter a web page and now there’s a better reason to dislike like them. Not just annoying anymore, researchers have found some digital ads are hiding a new and improved malware. They recently discovered a new technique with advanced tactics that target digital ads. These ads no longer require a user to click on them to install malware–it’s already loaded onto the web page and hiding in plain sight. They’re cutting edge, they’re very tricky, and more hackers are starting to use them.

Malware ads, also called malvertising, are nothing new to the digital world. Pop-up ads loaded with Trojan malware have been plaguing the Internet for years. Most users know the dangers of pop-up ads and know to avoid them. Earlier malvertising included using a technique called steganography, which hid malicious code in the pixels that create an advertising image. However, the image appeared low quality compared to the other ads on the page, making it easier to spot and avoid. Not anymore…

Researchers at Devcon exposed new form of digital ads that look totally legitimate–and they’re not just pop-ups anymore. It’s called polyglot, a weird name for a very effective hacking technique. Using polyglot in digital ads is a very effective way to hide malicious code in an image that looks high quality. When a web browser uploads the photo, it also uploads the hidden malware. These ads redirect users to another web page offering a store gift card or other incentive. They might contain cryptomining–a way to steal power from a device for mining cryptocurrency. Polyglots can also install a remote access trojan that gives hackers access to the device for future attacks.

The researchers actually found the malware on the websites, MyFlightSearch, which helps people find discounted airfare, and JobsImpact, which purports to help people find jobs. Both legitimate reasons to be browsing, but disappointing to get caught up in a malware attack unexpectedly. That’s why it is so important to know the websites you visit. And to avoid typosquatting or domain jacking attacks, take a quick look at the URL before hitting the “return” or “enter” key.

Digital malvertising, like other hacking methods, is greatly improving over time. With polyglots, user interaction is no longer needed to install malware. Devcon researchers fear it may become even more prevalent if polyglot is included in toolkits easily accessible to hackers. At the moment, the only thing users can do is cross their fingers and hope for the best.