5 Things That Motivate Malvertisers

Cyber criminals look for ways to infiltrate ad networks and ad serving platforms using various types of malvertising in the digital ad ecosystem. The intention is to exploit and harm website users directly, via the introduction of malware, phishing attacks, ransomware or forced redirects, all looking to exploit weaknesses that can do real, practical damage to users lives via data harvesting and scams. 

Not only does Malvertising affect end users, it also shatters their trust in publisher sites whose bad ads may have caused their devices to be attacked, and it also directly affects the reputations, businesses and revenues of publishers, ad serving platforms and ad networks. 

Malvertisers are motivated to launch malicious, unsafe, or exploitative ad campaigns for a variety of reasons. Here we will take a look at five of the most common motivations for cyber criminals:

5 Motivations

1. Profit

Money is the largest single driver for the majority of malicious campaigns within the digital ads ecosystem. Malvertising allows cyber criminals to exploit end users for financial gain in multiple ways. For example: 

Scareware appears as a fake program that is designed to fix something on your device using a warning such as ‘your device is infected with a virus.’ The criminal is trying to frighten the user into purchasing the software that claims to fix their device.

Here are two Scareware examples detected by AdSecure:

Case study 1: Scareware with fake virus alert, ad appeared on a US lifestyle website

This type of ad is normally delivered as a popunder campaign. Once the end user closes the tab of the website they were viewing, this ad will show in a separate tab of the browser.  

The malvertiser was targeting end users via device: mobile, OS Android 9.0, browser Chrome. Notice that the artwork isn’t very high quality with the text appearing pixelated.

If the user closes the browser displaying the popunder ad, nothing will happen, as it is a fake virus alert. However, if the user believes what the ad text is saying, the user will click on the CTA of the ad, which will direct to the Google Play store. Many times, the offers behind this kind of fake alerts are real antivirus applications which are listed on the app stores for users to purchase. However, the Scareware tactic that some advertisers use is over aggressive and it can lead to a very negative user experience and reflect badly on the publisher site. As a consequence, most publishers reject these types of ads from running on their website in order to keep the users engaging with their website feel safe and satisfied.

Advice: Publisher sites should check that blocking of antivirus software offers is available on the ad network or platform being used to stop these ads being shown to end users

Marketing Technology News: Software Supply Chain Security – How Not To Get Attacked

Case study 2 – Scareware featuring fake Microsoft tech support, ad appeared on a US entertainment website

Fake tech support alerts are one of the most malicious ads that can harm users, this example was delivered via a banner ad promoting an online dating website. The malvertiser targeted the banner ad to desktop users, Windows OS, using the Edge browser. Once the user clicked on the banner ad they were redirected to this landing page featuring a fake Microsoft tech support message that appeared on the users screen. This also features bad English grammar.

The malvertiser heightened its scare potential by locking the user’s browser as well as playing an alert type sound to try to force the user to call the number on the landing page for “tech support.” Once the user calls, the malvertiser will take credit card details to pay for fixing the fake issue. As a consequence these types of ads leave the end user open to a credit card data breach and negative user experience, damaging the Publisher site’s relationship with the user. 

Advice: Publishers should be aware that malvertisers will tend to start their campaign with a legitimate offer to get the campaign through an ad network’s Compliance scrutiny, then once the campaign has been running for a while they will switch the campaign and landing page url to a malvertising campaign. Make sure that you work with an ad network/platform that constantly checks campaigns that are live on their network for this kind of tactic.

More ways malvertisers profit from unsuspecting users: 

Ransomware claims that the end users device has been locked and they will lose all their files unless they pay a fee to the criminal.

Phishing can appear as an ad or an email that uses fake information to convince the end user it is a legitimate entity, the end user clicks on a link thinking it is legitimate which can download malware to the users device or can ask them for sensitive data such as passwords, credit card details, etc

Malware is a malicious software that an end user downloads to their device by clicking on a link on a malicious ad or its landing page. Once installed the cyber criminal will use the software to see what is happening on the users device to steal personal data, use their device for crypto currency mining, etc.

2. Low risk/High reward

The relatively low risk of being caught or being punished for engaging in malicious attacks in comparison to the potential monetary rewards make it easy for malvertisers to keep trying to run malicious ads, and continue when a bad campaign has been unmasked. For every big story we hear about a malvertising operation being uncovered and police making arrests, there are hundreds, likely thousands of bad actors who remain comfortably anonymous.

3. Simplicity

Finding exploit kits on the dark web is now incredibly easy, and not particularly high cost. Malertisers can also usually get started on many ad networks as an advertising partner and be active for weeks or months before they are detected and banned from the network, often after the damage is well and truly done.

4. The fun of it

Sometimes, they do it for the LOLs. This can be a strong driving force behind the launch of explicit or offensive ads on major websites, the humour and pleasure they derive from getting an adult image up somewhere it shouldn’t be.

5. Media manipulation

We increasingly live in a time of “post-truth” media. Fake, misleading news and deep fake technology allow some scammers, or those with more sinister political agendas craft their desired narrative, and then easily get that narrative in front of billions of people around the world.

What can Publishers & Ad platforms do?

Know your demand partners: It’s important to only work with trusted partners who have a strong track record. When working with new advertisers, monitor their campaigns closely.

Active monitoring is key: Daily, routine analysis of the ads you work with will help detect and eliminate issues when they happen, and sometimes before. Through a solid regimen that includes pre-screening, live active monitoring, and real-time blocking, identifying malicious, or low quality, off-brand content can help you maintain control and unmask bad actors.

Stay modern: Malvertisers most certainly do. The most modern methods for maintaining ad quality, when properly utilised, will help uncover issues that older methods, like cache based real-time blockers or old web crawlers miss. 

Marketing Technology News: Zington joins Dynamicweb Partner Community as B2B eCommerce Continues to Accelerate