From redirects to infected SSPs, malicious attacks show no sign of slowing down.
As Q1 kicked off, behind the screens, malvertisers tightened their grip on adtech, reshaping the digital advertising landscape. Recent findings from GeoEdge’s security team indicate a rise in malicious advertising worldwide, with notable spikes in the US and UK driven by the ScamClub video malvertising campaign. Although auto-redirects have decreased from their 2023 peak, they still constituted a quarter of all malicious advertising blocks in the first quarter of 2024. Many of these are linked to the infamous ScamClub VAST campaign.
Behind the Screens: Malware’s Grip on AdTech
Analyzing trends from Q1 of 2024 and comparing them to the previous year reveals notable shifts in attack vectors. One concerning trend is the rise in misleading product offers. In Q1 2024, misleading offers accounted for 29% of malvertising attacks, marking a noticeable increase from the 26% recorded in 2023. These tactics lure unsuspecting users with enticing product deals or discounts, leading them to malicious websites or fraud.
Another prevalent method employed by malvertisers is auto redirects, where users are redirected to malicious websites. Despite a slight decrease from 28% in 2023 to 25% in Q1 2024, auto redirects remain a significant threat to AdTech and users, often leading to phishing scams or the installation of malware.
Malicious extensions and add-ons represent another avenue for malvertising attacks, comprising 16% of incidents in Q1 2024, compared to 13% in the previous year. These extensions, often disguised as legitimate tools or utilities, can compromise user privacy and security by harvesting sensitive data or injecting unwanted advertisements.
Financial ad scams and tech support scams are also prevalent in malvertising campaigns, with financial ad scams increasing slightly from 13% in 2023 to 14% in Q1 2024. Meanwhile, tech support scams saw a notable rise from 2% in 2023 to 6% in Q1 interaction to trigger their deceptive schemes. In February and March, there was a slight decrease in malicious ad volume, while pre-click attacks that don’t require user interaction became more prevalent.
Q1 of 2024 showed a notable change in the devices targeted by scammers. Desktops became the primary target for malicious attacks, comprising 57% of incidents. This is a reversal from the prior trend of targeting mainly mobile devices. This shift points to a strategic adaptation by scammers, who now utilize clickbait ads to execute post-click scams predominantly on desktops. Conversely, mobile attacks, which account for 42% of incidents, mainly involve pre-click redirects.
SSP Malvertising Overview
When GeoEdge conducted platform-specific analysis, Google Ads saw a marginal decrease in infection rates, down from 1.25% to the current rate of 0.98%. SSP06 recorded the worst performance, with nearly 3% of its ads blocked for malicious content in Q1 of 2024. SSP10, normally known for high ad quality standards, experienced a surprising spike in infection rate to 0.86% this quarter, nearly tripling its previous annual total. This was driven mainly by financial scams and misleading offers aimed at desktop users in North America. SSP12 also showed deterioration, with an infection rate that soared to 2.56%, largely due to a surge in financial and fake antivirus scams in the US and Italy in January.
The rise in malicious advertising in early 2024 requires a robust response from all digital stakeholders. The increasing sophistication of attacks, particularly in those that leverage clickbait and the ScamClub campaign, underscores the need for ongoing vigilance and innovation in security strategies.
