Keep Watch: Malvertising Schemes Still Lurking Within Advertising Ecosystem

Advertising scams have plagued the ad tech ecosystem for quite some time, but thanks to industry innovations many protections are now in place. 

Yet that does not mean a scam never slips through the pipes. In fact, malvertising – the practice of incorporating malware in online advertisements – is still a prominent practice. Bad actors are evolving their scams, and those scams have proved to be more profitable than before.

Malvertising is detrimental not only to publishers’ revenue but also to their reputation. Scams can help spread misinformation, steal consumer data, and affect overall brand safety. It is important that publishers stay vigilant and look out for these scams. Whether that means developing your own tech or partnering with someone else, it is essential that you keep your eyes peeled for any malicious intent lurking around the corner.

In preparation for our upcoming webinar with Confiant — 2023 Malvertising Preview, Wednesday, November 31, @ 1 PM EST (Register Now!) — we spoke to LD Mangin, CEO & Co-Founder at Confiant. We discussed how malvertising differs from other types of ad scams, the Confiant Malvertising Elite 8 List, malvertising’s impact on consumers and publishers, and more.   

Andrew Byrd: Malvertising and ad fraud are often categorized as two sides of the same coin. Can you tell me how malvertising differs from ad fraud?

LD Mangin: It is important to recognize that ad tech is a circular supply chain. Impressions flow from the user’s browser to the advertiser, and then creatives flow from the advertiser’s ad server to the user’s browser. Industry insiders think of the former as the demand path and the latter as the supply path. A cyber attacker sees these as two distinct attack vectors that offer different attack opportunities.

They compromise the supply path using adware (a subset of malware, which the ad industry knows as ad fraud) to steal the brand’s money. They also compromise the demand path using malvertising, which encompasses a myriad of attack types that are oriented to compromise the user or their device (from malware to tech support scams, to investment scams, to phishing attacks — malvertising has it all). So fundamentally malvertising differs from ad fraud because it targets the user, their data, or their device and not the brand’s advertising budget. 

AB: On your website, you include an Elite 8 List of the most prominent malvertising threats. How were you able to identify these bad actors and what advice would you give to publishers to help them identify a malvertising scheme?

LDM: Accurate visibility is a requirement for effective security. Confiant has spent nine years building unique integrations into the ad tech infrastructure to be able to access the bid stream directly. We integrate pre-auction server side with DSPs, in-auction server side with SSPs, and post auction client side with publishers. These integration setups allow us to monitor the bid stream at a level of accuracy so that we can track the bad actors themselves and not just their attacks. For pubs who want to understand who is hijacking their infrastructure to attack their users, I recommend they call us!

AB: Major publishers such as The New York Times, Spotify, and the Atlantic have been susceptible to malvertising schemes. How were they able to become the target of these schemes and how would they be able to prevent them in the future?

LDM: They and every other publisher who connects to programmatic are susceptible to this. Malvertising is an infrastructure ad tech – i.e. it is a cyber attack that leverages the ad tech infrastructure, which means it’s important to recognize that those publishers are not the target, they are the path to the victim: the user.

Malvertisers are threat actors who pay to play. I.e. they pay the ad tech industry to let them target people with their attacks. The single biggest thing any publisher can do to mitigate these attacks over the long term is to support buy-side transparency initiatives (Buyers.json, DemandChain Object, and the client-side declaration of creatives) that allow for better attribution of bad creatives to the buyer.

AB: How does malvertising affect consumers? What kinds of problems arise when they are attacked by malware?

LDM: Losing their life savings to an investment scam, having their device hacked by a tech support scammer, having their credentials stolen… all of those are the results of malvertising. 
