Top Malvertising Attacks of 2017

The beginning of a new year is a good time to take a close look at the many cybersecurity incidents that led to major breaches, computer malware infestations and the degradation of the user experience across the board.
As we turn the page into 2018, it’s important to pay attention to alarming trends from malvertising attacks in 2017 and start making preparations to secure our networks.

The year 2017 saw major shifts in the malicious advertising (malvertising) landscape as cybercriminals looked for new ways to booby-trap online ads and plant viruses, trojans, spyware and other unwanted software on computer systems.

Here’s a look back at some of the biggest malvertising attacks we saw in 2017:

1. Browser-Based Cryptocurrency Miners

Late in 2017, news broke of multiple malicious hacker groups using rigged online ads to push malware that hijacked the user’s computer resources to generate cryptocurrencies.

In these attacks, hard-coded snippets of JavaScript were embedded into the code used to serve legitimate online ads to plant malware directly into the victim’s web browser.

The JavaScript code snippets used to power the browser-based mining operation were distributed via malvertising that involved buying traffic from an ad network and distributing malicious JavaScript instead of a traditional advertisement.

The JavaScript code, which was executed inside the browser, powered a cryptocurrency mining operation mostly on gaming and video streaming sites.

2. Malicious Ads Target Adult-Themed Sites

A major adult-themed pornography website that relies on advertising for its revenue found itself victimized by malvertising in an attack that redirected users to a third-party site that offered fake security updates for Google Chrome, Mozilla Firefox and Adobe Flash.

Screenshot of the fake Mozilla Firefox update served in the malvertising attack. Source: Proofpoint.

A user tricked into clicking on the fake software update got infected with a malware called Kovter that took control of the computer and used it in a click-fraud operation.

The PornHub attack was active for more than a year and exposed millions of victims in the U.S., Canada and the United Kingdom.

3. WordPress Vulnerability Leads to Malvertising

Last year also saw malicious hackers pouncing on an old WordPress software security flaw to infect more than 1,000 websites with malware capable of injecting code to serve malicious ads.

According to security researchers, the exploited vulnerability existed in outdated versions of two WordPress themes and was capable of taking complete control of the targeted WordPress website.

According to security vendor Sucuri, multiple code injections were included in the attacks with injections ranging from ad scripts coming from established ad networks like to new domains created specifically for those attacks.

These scripts led to a chain or directly to various scams and advertising websites.


4. Equifax Stained By Malicious Redirects

Equifax, the major credit reporting agency, was in the middle of responding to a major data breach when news broke that one of its third-party vendors was running malicious code on an Equifax website.

The company did not provide details of the malvertising attack except to say that the issue involved a third-party vendor that Equifax used to collect website performance data and “that vendor’s code running on an Equifax website was serving malicious content.”

The company’s admission came after security researchers noticed redirects and fake pop-ups originating from Equifax’s website. The pop-ups were attempting to trick users into installing fraudulent security updates for popular software programs.


5. Malvertising Distributes Ransomware

As we predicted in May 2017, the web ecosystem was ripe for malvertising attacks that pushed dangerous ransomware to computer systems. By June, we saw major ransomware attacks on University College London that were spread via maliciously rigged online ads.

The attack was linked to the notorious AdGholas group that is believed to be behind some of the largest malicious advertising campaigns.

According to security vendor Proofpoint, an AdGholas infection chain was the main culprit behind a wave of ransomware attacks against universities, websites and businesses in the United Kingdom.

In a separate case, the ‘Matrix’ ransomware was being served via malicious ads in the RIG exploit kit. The exploit kit was used to deliver the ransomware through malicious advertising that targeted users running vulnerable versions of Internet Explorer and Adobe Flash.

As we look forward to 2018, it’s crucial to pay attention to the trends described above and work together on protecting the user experience. Malvertising is a massive, mainstream problem and publishers and brands continue to be a major target. If you want to protect the user experience, then talk to us, the experts in malvertising protection and ad quality monitoring online and on mobile.



Tobias is an experienced marketing leader and Chief Business Officer at GeoEdge. He believes success in business is fueled by a passion for the product and purposeful messaging. Connect with Tobias on LinkedIn to discuss strategic business development.
