Fraud Alert: The Dangers of Malvertising
Just like social media is becoming a hotbed of deepfake videos and bogus products, malvertising, which is used for phishing attempts, scam pages, and even disguised malware, is rapidly spreading on almost every online platform. In fact, unless you have a paid subscription, you will find everything online rife with advertisements. You may think the ads are legitimate, but that is no longer the case. 
 
For example, a user posted a video advertisement on Facebook featuring journalist Ravish Kumar. In the video, Mr Kumar can be heard promoting a new, single-dose drug to normalise blood sugar. 
 
After finding the video, Mr Kumar issued a clarification on X, saying that his audio clone was used on the video of his report on five new reports on Adani.
 
 
Similar tactics for selling a drug for diabetes are also used in the name of Bollywood star Amitabh Bachchan and journalist Rajat Sharma.
 
While the posts are still there, Facebook has disabled the video, saying, "Independent fact-checkers say that this information could mislead people."
 
Such fake advertising posts or videos may make you buy a sundry and untested product. 
 
However, malvertising is more dangerous, since cybercriminals use it to hook and engage with people for exploitation. For example, the innocent-looking online ad or pop-up may be a phishing attempt that will redirect the user to a malicious website or even download and install malware on the device. 
 
No wonder YouTube, where billions of eyes scan through endless streams of content, has become the home of new and insidious cyber threats–particularly phishing and malware.
 
"The combination of automated advertising systems and user-generated content provides a gateway for cybercriminals to bypass conventional security measures, making YouTube a potent channel for deploying phishing and malware. Additionally, YouTube serves as a conduit to traffic distribution systems (TDS), directing users to malicious sites and supporting scams ranging from fake giveaways to investment schemes," says security services-provider Avast.
 
Malvertising is not new, but cybercriminals are making it craftier using new-age tools. Malvertising attacks use infected ads to spread malware or send you to malicious websites — often, you do not even need to click on the ad to get infected.
 
Interestingly, fraudsters legitimately buy space on popular websites. However, they use the space to post seemingly harmless ads containing malicious codes that attack victims as soon as the ad appears on the page.
 
For cybercriminals, maladvertising is a relatively easy and cheap way to compromise trustworthy websites rather than spending money and resources to attack the website directly. Malvertising also allows criminals or hackers to bypass firewalls and the security of local networks (since it is an approved buyer of the space).
 
Some of the most dangerous examples of malvertising are steganography images (hiding malware within a tiny cluster of pixels) and polyglot images (hiding scripts for executing the code and launching the attack in infected graphics). Malvertising is also used for tech-support (scam) ads, scareware (warning pop-up message) and fake software update windows.
 
While malvertising and adware combine malicious content with advertising, malvertising infects advertising networks to poison online ads and spread malware. Adware, on the other hand, infects the computer first and then displays the ads.
 
How to curb malvertising?
Given that some malicious ads do not require clicks or any other interaction from the user to launch an attack, preventing malvertising is not simple or easy. 
 
However, here are a few suggestions that will help protect you from malvertising...
 
1. Install a good antivirus: It will help you proactively detect and defend against the wide range of malware. It can also locate and remove potentially harmful programs or files already installed on your computer.
 
2. Use an ad-blocker: This perhaps is the most effective way to curtail malvertising on a browser. Do check for add-on tools or extension in your browser support page. Adblock Plus is one of the popular and free ad-blockers available for Firefox and Google Chrome.
 
3. Disable plug-ins in browser: Browser plug-ins are a common vector for malvertising attacks. However, by adjusting your browser settings to limit the plug-ins that run by default, you can block exploitable vulnerabilities.
 
4. Update OS and software: Remember, malicious codes are written to exploit vulnerabilities of the operating system (OS) and software or apps. By keeping the OS, software and app updated you are reducing your chances of being attacked by hackers via known vulnerabilities.
 
5. Use legitimate sources for downloading: Always use authentic sources to download and install software or apps. Avoid downloading apps from any random or unknown sites. 
 
Stay Safe!
Comments
Fraud Alert: Facebook Account Hacking & Safeguarding Social Media Accounts
Yogesh Sapkale, 28 June 2024
Earlier this week, I noticed my friend and classmate posting a Facebook profile photo of another friend with a changed name. I first thought he was mocking the other friend (let's call him Nandu). However, I soon received a frantic...
Fraud Alert: Zara Hat Ke, Zara Bach Ke!
Yogesh Sapkale, 21 June 2024
While describing the challenges in Mumbai, Bambai or Bombay—as the city has been known over the years—Johnny Walker, in the 1956 Hindi superhit film CID, warned saying, "Zara hat ke zara bach ke, yeh hai Bombay meri jaan". Nearly...
Fraud Alert: Mobile Apps Are Watching, Recording you!
Yogesh Sapkale, 14 June 2024
The antivirus app installed on your mobile device is expected to protect you, right? But what if the same app is also handing over your browser history to a major marketing company? In January 2020, PC magazine found out that user...
Fraud Alert: Scammers Playing Longer 'Pig Butchering' Games
Yogesh Sapkale, 31 May 2024
Mumbai-based Shishir Kumar (name changed), a retired director of a public sector unit (PSU), wanted to dabble in online trading. By clicking a link on a Facebook ad, he was added to a WhatsApp group. He was also 'trained' by experts...
Array
Free Helpline
Legal Credit
Feedback