Expert Tips To Protect Against Malvertising Attacks

Of all the cyber threats driving headlines, content-driven malvertising might be the most difficult for industry stakeholders to fathom, let alone battle. Adi Zlotkin, GeoEdge’s VP of Security and Data, sits down for an interview about the latest incidents of interest and malvertisers’ sweet spots.

Tell us about your current role and the team/technology you handle 

“I’m the VP of Security and Data at ad security provider GeoEdge which means that I lead our security research team. Our team is responsible for monitoring our clients’ mobile and Internet traffic as we uncover and stop malicious attacks like Morphixx.

In 2020, with malicious actors becoming more technologically sophisticated and marketing savvy as they capitalize on new opportunities brought on by COVID-19, this means dealing with a world where cyber meets social engineering.

So, it’s not just about stopping malicious ads. We develop technology that uncovers and stops malicious scams before unsuspecting users get to the page with many comments.

At GeoEdge, our efforts to keep our publisher clients and their users and marketing partners safe and free from malicious ads and content begin with our patented behavioral code analysis, which is the heart of our advanced malware detection technology. Within this technology offering, we focus on content analysis for deceptive ads and deep landing page analysis and utilize our advanced anti-cloaking technology. Our Hackers Intelligence unit runs ongoing scans for delayed attacks on URLs and in-app to ensure that our clients and their users don’t become victims of malvertising attacks.”

What is the premise of your recent reporting of the Morphixx malvertising scam? How did you analyze your results?

“Using GeoEdge’s proprietary behavioral code analysis, our Security Research team discovered the Morphixx malicious credit card scam campaign.

Morphixx began in Europe on June 23rd, in low volumes, and without the malicious payload to slip past security checks and gain the trust of ad networks by inserting “Adidas” into the campaign URL. This enabled the Morphixx campaign to be served from a known and trusted ad server. On June 28th – on a Sunday when fewer security employees are working because it’s the weekend – the campaign volume increased dramatically with the malicious payload.

On Saturday, August 15th, the Morphixx malicious credit card scam campaign attacked in Japan, and on Sunday, September 6th, in the US.

The malicious attackers use obfuscated scripts including a three-stage obfuscated code and a timestamp. In addition, the script is armed with two anti-debugging functions that “disturb” the reverse engineering, but our technology and Security Research team managed to overcome this.”

What are the real dangers of identity theft and how does it impact the banking/credit card segments?

“In the past, if someone wanted to steal your money, they had to steal your wallet or rob a bank – and people knew pretty quickly that they had been robbed. With identity theft, malicious actors can have access to credit card information for hours, days, even weeks and months without people knowing that they’ve been ‘robbed’. And it can happen after simply clicking on a malicious link and providing information to what seems like a trusting partner.

This requires greater vigilance on the part of the financial services industry as well as extensive and continuous education for users, particularly those who are older and/or newer to digital finance.”

We hear a lot about the Dark web and its dangerous affiliations to social engineering and privatized ransomware syndicates. Could you tell our audience which countries/industries have been the worst affected?

“From our experience at GeoEdge, the countries which have been most negatively impacted are also the countries with the highest incomes because there simply is more money to steal. These countries include Japan, Australia, and New Zealand as well as the United States and Canada, the UK, France, Netherlands, Belgium, Germany, Switzerland, Austria, Italy, Spain, Portugal, and the Scandinavian countries. These countries tend to be more advanced in their use of the Internet, too.

Now, we’re starting to see more attacks in other high-income countries including the Gulf states in the Middle East, as well as in emerging markets in South America, Asia, and Eastern Europe.”

Other than the Morphixx scam, is there any other recent targeted cybercrime you want to tell us about, and how are you analyzing it?

A trend we’re seeing at GeoEdge is that malicious actors are investing more in content marketing to encourage users to fall victim to their scam attacks. In Morphixx, as I said above, the prize redemption page had a lot of comments on it, many from people with profile pictures.

According to research from GeoEdge, content marketing, including deceptive sites and personally targeted content, is six times more effective for malvertisers than auto-redirect ads.

Another example of enhanced content marketing is the creation of malicious cloned sites which look like real websites such as or There has been a big increase in the use of malicious cloned sites in 2020, including the sites of global UK bank HSBC, which are resulting in millions of dollars in losses.

GeoEdge is using our proprietary behavioral code analysis technology run by our Security Research team to analyze malicious content marketing activities.

Tell us about the emerging technologies you are keenly following in advertising and brand safety:

“In Malvertising, it’s less about emerging technologies and more about vulnerabilities and opportunities which the malicious actors are exploiting.

In 2020, COVID-19 continues to be a major opportunity that malicious advertisers are exploiting.

As part of this effort, we’re experiencing a significant increase in content marketing activities as malicious advertisers improve their results by investing more in the content next to which their scams appear. It could be a prize redemption landing page with multiple comments or a well-written but completely fake website, but malicious advertisers are benefitting from an increased investment in content marketing which is making it easier for unsuspecting users to fall victim to malicious scams like Morphixx.

For those entering the field of IT Security, I recommend that they take the time to double and triple check the conclusions they reach because, in this industry, things are usually different from what they seem. Many times, we’ve uncovered multiple layers of obfuscation within a scam, only gaining the full picture after multiple researchers reviewed the malicious code. Therefore, don’t be afraid to run things by others before sending out your conclusions. In IT security, it takes a village to keep us all safe.”

Tag a person whose answers you would like to see here:

“Though he’s unfortunately no longer with us, the person whose answers I’d like to see here is Israeli professor Yisrael Radai. Professor Radai was a significant contributor to the international computer virus research community since the 1980s, conducting extensive research on Microsoft Anti-Virus. In 1990, he coined the term “malware”.”

See Full Interview With AIthority 

Alisha is a Technology Writer and Marketing Manager at GeoEdge. Her writing focuses on current events in the AdTech ecosystem and cyberattacks served through the digital advertising supply chain. You can find Alisha on LinkedIn to discuss brand building and happenings in AdTech.
