Tech

RIVERA: How Big Tech enables cybercriminals via ‘malvertising’

In 2023, most internet users already realize that the online world can be a dangerous place if they fail to take proper precautions, as it is a hotbed of potential scams, identity theft and other malicious activities.

With innovative cybercriminals constantly developing new ways to steal people’s personal data and extort large ransoms by exploiting vulnerabilities in computer networks, your next click can open a trapdoor loaded with potential headaches.

Many of these attacks can be avoided by simply avoiding questionable websites like the plethora of freeware sites that often promote illegitimate or cracked versions of popular software, often packaged in bundles with other apps or software that may be loaded with malware. Following other common-sense precautions like not opening email attachments from unknown senders can also offer a measure of protection.

But even when so-called “best practices” are followed online, many cybercrimes occur without the user being immediately aware, because nowadays, even seemingly innocent online activity can lead to significant risks. And perhaps no other current threat has the ability to rope in suspecting users more easily than “malvertising.”

Advertisement 3

What is Traditional Malvertising?

Malvertising is a method of cyberattack which abuses online advertising platforms to steal sensitive user data and spread malicious content, including malware and ransomware. It takes advantage of popular advertising networks to gain access to unsuspecting users’ systems or networks, allowing attackers to steal data or infect devices with damaging viruses and other code.

Malvertising campaigns typically infiltrate advertisements for popular products, services or websites, and despite the fact that the ads may look perfectly normal, they contain hidden code which will either redirect users to malicious websites that can then execute their attack, or install malware on devices.

Advertisement 4

Malvertising campaigns are notorious for sometimes using vulnerable applications such as JavaScript and Flash Player to deliver malicious payloads instead of simply redirecting users away from legitimate sites. Regardless of how it is accomplished, the end result is the same: A user’s device or network has been compromised. Malvertising is an especially dangerous type of cyberattack because it can be difficult to detect and stop. As such, users should take extra caution when browsing online, particularly when clicking on advertisements.

But what happens when you innocently go to one of the more reputable and universally trafficked search engines in the world, Google, only to find yourself victimized, not by hacks executed via infiltrated advertisements, but by ads that were actually approved and then promoted by the Google Ads platform?

Advertisement 5

How Are Hackers Using the Google Ads Platform to Steal Data and Spread Malware?

A recent wave of cyberattacks that have been manipulating the Google ads platform to victimize individuals and entities in both the private and public sector seems to be more of an indictment of the lax policies of the tech giant than any new breakthrough in the online underworld.

According to reports, hackers have been able to dupe Google into running ads for such notable everyday products and services that include Adobe Reader, Microsoft Teams, OBS, Slack, and Thunderbird. The fake ads lead users to be victimized by malware gangs that include AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

According to a statement from Google on the matter, “Bad actors often employ sophisticated measures to conceal their identities and evade our policies and enforcement. To combat this over the past few years, we’ve launched new certification policies, ramped up advertiser verification, and increased our capacity to detect and prevent coordinated scams. We are aware of the recent uptick in fraudulent ad activity. Addressing it is a critical priority and we are working to resolve these incidents as quickly as possible.”

Advertisement 6

The lack of due diligence on the part of Google is startling, especially when considering that in 2022, Google’s ad revenue amounted to a whopping $224.47 billion. Additionally, their unwitting participation in these online schemes potentially open up the organization up to possible liability from victims, as the organization may possibly be considered to be technically operating as an accessory to cybercrime.

Dennis Batchelder is CEO of AppEsteem, a watchdog group that has identified and labelled questionable online ad-related activity as “ad pollution.” According to him: “If they’re serious about preventing bad actors from using ads to trick consumers, Google not only needs better controls, but they also need to re-think their policy of how they sneak paid ads into their search results. They’re just as responsible, and they should be held accountable, for consumers getting tricked.”

See also  MTV VMAs: Taylor Swift wins big, ties Beyonce's record and thanks Travis Kelce

Advertisement 7

Regardless of whether this matter gets the appropriate amount of news coverage, Google should immediately prioritize identifying the cracks in their business model that have allowed for such brazen online criminality. They certainly turn a large enough profit to be able to afford to create an extra layer of consumer protection via increased manpower and an improved advertiser vetting process.

The various internet advertising mechanisms that currently exist, which already include the annoyances associated with adware programs like the ‘Pdf download tool’ that bombards users with sponsored ads and browser hijackers and extensions like Infinity Search that quite literally take over your online search attempts, are dangerous enough. But, if Google, which is universally regarded as the gold standard among search engines ceases to be a safe haven for web browsers, where will novice web surfers be able to turn to in order to conduct safe searches on the internet?

— Julio Rivera is a business and political strategist, Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by many of the most heavily trafficked websites in the world.

Related Articles

Leave a Reply

Back to top button