More Malware Spreading Through Advertising

My biggest gripe with the advertisement-based model most Internet services have opted to use is that ads can easily be used to spread malware. Because of that, I view ad blockers as security software more than anything. And the Internet seems to enjoy proving my point every few weeks:

As a security researcher, it’s always exciting to discover new vulnerabilities and techniques used by malicious actors to deliver malware to unsuspecting users. These moments are actually quite rare, and it’s increasingly frustrating from a researcher’s perspective to watch the bad guys continue to use the same previously exposed methods to conduct their malicious operations.

Today’s example is no different. We discovered a malvertising campaign on Google AdWords for the search term “Google Chrome”, where unsuspecting MacOS users were being tricked into downloading a malicious installer identified as ‘OSX/InstallMiez’ (or ‘OSX/InstallCore’).

In this case the malware didn’t spread through a browser exploit. Instead it exploited the weakest component of any security system: the human. The malware developers bought ads from Google so that their link, which was cleverly titled “Get Google Chrome”, would appear at the very top of the page. The malware was targeted at macOS users, so if you were a Windows user and clicked on the link you’d be redirected to a nonexistent page, but macOS users would be taken to a page to download the malware installer. After the installer is run, the malware opens a browser page to a scareware site urging you to “clean your Mac” and then downloads more malware that opens automatically and urges the user to copy it to their Applications folder.

As operating systems have become more secure, malware producers have begun relying on exploiting the human component. Unfortunately, it’s difficult to train mom, dad, grandpa, and grandma on proper computer security practices. Explaining the difference between Google advertisement links and Google search result links to your grandparents is often a hopeless cause. The easiest way of dealing with that situation is to hide the ads, and therefore any malware that tries to spread via ads, from their view, and ad blockers are the best tools for that job.

Unfortunately, the advertisement-based model isn’t going away anytime soon. Too many people think that web services are free because, as Bastiat explained way back when, they’re not seeing the unseen factors. Since they’re not paying money to access a service, they think that the service is free. What remains unseen are the other costs, such as being surveilled for the benefit of advertisers, increased bandwidth and battery usage for sending and displaying advertisements, the risk of malware infecting their system via advertisements, etc. So long as the advertisement-based model continues to thrive, you should run ad blockers on all of your devices to protect yourself.

One thought on “More Malware Spreading Through Advertising”

  1. Explaining the difference between Google advertisement links and Google search result links to your grandparents is often a hopeless cause.

    Hey, I may be old enough to be your grandfather (or someone’s grandfather, anyway ;-j ), but I think I’m more careful than the average teen. I run ad blockers just because so many of the ads are obnoxious and stomach-churning. Not to mention ridiculous bandwidth-thieves.

    But yes: cut down on the ads, cut down on the spread of malicious software.
