Malvertising, a portmanteau of malware and advertising, uses online advertising to infect computers with malware. It has been on the rise since it was first encountered in 2007.
How it happens
Many online advertisements are delivered to websites via advertising networks, services that share advertisements among various websites, providing the site owners with ad revenue. Such ads aren’t actually stored on the websites where you see them, but are automatically loaded from remote sources. Other advertisements reside on the actual websites where they are seen. In either case, criminals may exploit security flaws in either the ad network or the website in order to inject malware into ads. When displayed in your browser, infected ads may install malware on your computer if it isn’t protected.
How your device can become infected
Clicking on an infected ad can result in your device being infected. But that’s not all. Malvertising doesn’t always require you to click anything for your device to become infected. Some types of malvertising require only that an unprotected browser display a page that contains an infected ad.
What happens if your device is infected?
An infected ad can install malicious software such as ransomware, or redirect your browser from a legitimate website to a malicious one that’s ready to steal your personal or financial information. Fortunately, there are some simple ways to help keep you safe.
4 ways to stay safe
Back up your device
One common use of malvertising is installing ransomware. Ransomware encrypts your files, making them inaccessible until you pay a ransom to get the decryption key. However, if you have a current backup of your device from before it was infected, you may be able to restore it to a pre-ransomware state. In between backups, you might copy important files to another location, like a USB flash drive, or online using Box.com, Google Drive or OneDrive.
Install antivirus software
As a student, faculty or staff member of UW–Madison, you can get excellent protection from malware for free. Get free antivirus software.
Update your device’s OS and other software
Keep the OS on your computer and other devices up to date and patched. Keep applications and other software updated too.
Don’t forget your phone! Android devices generally get quarterly security updates, though this can vary greatly depending on your phone’s age and manufacturer. iOS devices get updated more frequently, but on a less regular schedule. Whichever you use, if your phone is no longer receiving security updates, consider replacing it if at all feasible.
Install an ad blocker or use a browser that blocks ads by default
An ad blocker is software that stops advertising content from displaying in the web pages you visit. Most ad blockers are browser extensions (add-ons in Firefox).
iOS browsers don’t support plugins or add-ons, however, so ad blockers for iOS are separate apps.
Finally, some browsers block ads by default. Brave is a well-known example.
While malvertising is insidious, and the prospect of self-installing malware is frightening, if you follow these recommendations you will improve your chances of staying safe.