Description: Malvertising, a combination of the words ‘malware’ and ‘advertising’, refers to the use of online advertising to spread malware. This phenomenon has become one of the most insidious tactics in the realm of cybersecurity, as it allows attackers to infiltrate unsuspecting users’ devices through seemingly legitimate ads. Malvertisements can appear on reputable websites, tricking users into clicking on them, which triggers the download of malicious software without their knowledge. Often, these ads are distributed through advertising networks, complicating the identification of their source. The nature of malvertising is particularly concerning because it can affect any Internet user, regardless of their level of technical knowledge. Additionally, attacks can be difficult to trace and mitigate, as ads can be quickly removed or changed to evade detection. The growing sophistication of these campaigns has led to increased investment in security technologies and user education about the risks associated with online browsing.
History: The term ‘malvertising’ began to gain popularity in the mid-2000s when attacks through online ads became more common. One of the first notable incidents occurred in 2007 when it was discovered that an advertising network was being used to distribute malware. Since then, malvertising has evolved, with increasingly sophisticated attacks using techniques such as exploiting vulnerabilities in web browsers and their plugins.
Uses: Malvertising is primarily used to distribute malware, which can include viruses, trojans, ransomware, and spyware. Attackers employ this technique to steal personal information, hijack devices, or even launch denial-of-service attacks. Additionally, malvertising can be used to redirect users to fraudulent websites that seek to steal credentials or financial information.
Examples: An example of malvertising occurred in 2016 when it was discovered that an advertising network was serving ads containing an exploit kit called Angler. This kit exploited vulnerabilities in web browsers to install malware on users’ devices. Another notable case was the attack on Yahoo’s advertising network in 2014, where malware was distributed through ads on its platform, affecting millions of users.
