Being on trusted platforms could potentially expose you to malicious ads that install malware, steal data, or trick you into handing over sensitive information. We think just because content is on a trusted platform that is well known, it’s safe. Yet even these platforms can harbor malicious ads. So today, we’ll go over how ads on trusted platforms can lead to cyberattacks by explaining what malvertising is, with real-world examples, and providing you with malvertising prevention tips.
What is Malvertising?
Malicious advertising or malvertising is when attackers inject malware into a user’s device when visiting malicious websites or clicking on malicious ads online. It can also redirect users to a malicious site where their data is stolen or malware is downloaded onto their device.
A common misconception is that these malicious ads only appear on sketchy sites. But there have been numerous reports of these ads appearing on trusted platforms such as Facebook. While these sites claim to have protections to prevent these malicious ads from being advertised, some are still slipping through the cracks.
Examples of Malvertising
Recently, attackers used Meta’s ad platform to deliver malware through fake TradingView ads. This campaign was targeted at mobile Android users. Clicking on the ad would redirect them to a webpage impersonating the real TradingView site. It would ask for accessibility and, once granted, would appear to be updating, while it would actually give itself permissions to execute the attack. This attack can steal and export 2FA codes, record screens and keystrokes, and remotely control a user’s device.
Another trusted platform that is known for malicious ads is Google. With their Google ads, attackers can impersonate brands and redirect visitors to scam sites. Or they may have these ads redirect to a legitimate-looking landing page, so when you enter your credentials, it gives you an error. When it really harvested your credentials for a cybercriminal.
Photo by MalwareBytes
How Malicious Ads Affect Companies
Companies may think they aren’t affected by malicious ads since they primarily target consumers’ leisurely shopping. But in one survey, 52% of respondents admitted to using company time for online shopping. If an employee is on the company network and falls for one of these attacks, the company may be subjected to a cyberattack.
Or as we mentioned earlier, login portals are another way for attackers to gain access to an organization. In 2024, Lowe’s employees fell for these attacks when trying to log in to their corporate accounts. Mistaking the malicious ads for their trusted platform, the employees would enter their credentials. This gave the attacker access to sensitive data.
Photo by MalwareBytes
Malvertising Prevention Tips
Malicious ads can be done even on trusted platforms, which greatly increases their effectiveness. Yet there are ways to avoid these malvertising attacks. Malvertising prevention tips we recommend are:
- Network Detection: Some services offer network detection. This allows for ads or websites to be checked for malicious code and prevents you from accessing them if anything malicious is detected. This is not foolproof, however, so it’s best to use this along with other services.
- Educating Yourself and Others: Some of the malicious ads can be spotted by looking for misspellings, too good to be true offers, and only using login portals from bookmarked links you trust.
- Partnering with an MSSP: MSSPs or Managed Security Service Providers can offer your business all the protection we’ve discussed so far and more. They can set up network security, train your employees, and monitor malicious traffic on your network.
But where do you find the right MSSP?
Protect Your Business from Malicious Ads Today
Trusted platforms have already been known to expose individuals and businesses to malicious ads. But these attackers are only going to get smarter, more targeted, and dangerous. Your business doesn’t have to face these threats alone. At Kirkham IronTech, we specialize in proactive cybersecurity and IT solutions that protect companies before attackers strike.
Your clients, data, and reputation depend on staying ahead of these attacks. So don’t wait until it’s too late. Contact us today and let us safeguard your business to prevent cyberattacks that can stem from malicious ads.
Tom Kirkham brings more than three decades of software design, network administration, and cybersecurity knowledge to organizations around the country. During his career, Tom has received multiple software design awards and founded other acclaimed technology businesses.
