Malicious Ads Embedded in Ad Images Gain Traction

Steganography – the practice of concealing a file, message, image or video within another file, message, image or video – is a growing trend this year, being implemented by malicious advertisers who insert their malicious codes into ad images
With malvertisers always looking for new ways to infiltrate their malicious code, a trend gaining traction in Q4 2018 is steganography – the act of embedding malicious code into an unseen image hidden in an ad’s image.


GeoEdge, first noticed an increase of incidents of steganography with malicious code inserted into ad images earlier this year through the company’s Real-Time Blocking solution for publishers.

And the number of incidents has been growing exponentially in Q4 2018.


Experian, a multi-billion dollar global information services company had one of their ads innocently targeted with a second image, one that was not visible to the user but hidden inside the ad request which called up the embedded malicious code.

Once the ad appears on a user’s desktop or phone, the malicious code is enabled. In this instance, the malicious code was an auto-redirect to a phishing site targeting U.S. users.

Other instances uncovered by GeoEdge’s Real-Time Blocking Solution for publishers found additional malicious campaigns utilizing auto-redirects sending unsuspecting users to malicious websites.

Beyond the Lost Revenue 

For publishers, beyond the lost dollars in revenue, these redirects to malicious ads cause a bad experience for site visitors who are unsuspectingly taken to sites they didn’t want where they can fall victim to phishing attacks and expose their personal and financial data such as e-mail addresses, credit card numbers, social security numbers and other information.


According to GeoEdge’s research, last year auto-redirect malvertising attacks cost publishers $210 million and marketers $920 million, resulting in a $1.13 billion annual loss for the online advertising ecosystem.

That number will be 20-30% higher next year according to the amount of such attacks being seen via GeoEdge’s Real-Time Blocking solution.

Why images?

Not every security provider monitors and analyzes images for malicious code on a constant basis.

This creates an opportunity for the exploitation of a potential vulnerability in the embedded images which, if left undetected, could provide malicious advertisers with a potential windfall.

“We first noticed incidences of steganography – malicious code embedded in images – in early 2018 but since then, in the last few months, the number of such attacks has increased exponentially,” says Adi Zlotkin, Security Research Team Leader, GeoEdge.


GeoEdge’s Real-Time Blocking for publishers, launched earlier this year, monitors every publisher impression, eliminating in real-time ads that do not belong before the user can see the impression.

Offending ads are blocked and safe ads are served automatically and immediately, protecting the publisher’s revenue.

Blocking malicious and low-quality ads — including auto-redirects — before they are served, enables GeoEdge to prevent these type of ads from having any impact on the user, ensuring a clean, safe and engaging user experience for publishers’ visitors.


“The use of steganography increases the sophistication in the constantly evolving arsenal of tactics employed by malicious actors, making a detection technology solution which is updated weekly, daily and even hourly, coupled with real-time blocking, a necessity for publishers today,” says Amnon Siev, CEO of GeoEdge.


GeoEdge enables the supply side to focus on publishing.

The company handles malicious and unsafe advertising so that publishers and supply-side clients can focus on optimizing their advertiser campaigns and provide better and more effective relations with their clients in the time saved.

GeoEdge enabled clients to find a 90-95% reduction in complaints through the elimination of offensive and malicious ads and gain full transparency and visibility of their entire ad inventory beyond the blocked malicious ads enabling better management of each partner’s brand safety needs.

Michal is an experienced and versatile customer marketer, passionate about understanding people and building awareness about how our products/services satisfy their business needs. You can find her on Linkedin to discuss her approach to strengthening client relationships.

Malvertising, the practice of sprinkling malicious code into legitimate-looking ads is growing more sophisticated. GeoEdge’s holistic ad quality solution has you covered.


450+ Publishers & Platforms