Ads aren’t just about selling the latest gadget or promoting a sale. Some of them have a darker purpose: malvertising. But what is malvertising, and why should you care?

What is Malvertising?

Malvertising, a combination of “malware” and “advertising,” refers to the practice of embedding malicious code within legitimate-looking ads. These ads are distributed across reputable ad networks and displayed on websites you might frequently visit. When a user clicks on the ad or, in some cases, even just loads the webpage displaying it, the malicious code activates, leading to potential harm.

Examples of Malvertising:

• Drive-by Downloads: Perhaps the most harmful. You visit a website, and the malvertisement automatically downloads malicious software onto your device without your knowledge.
• Scareware: Ads that deceive users by warning them about nonexistent threats on their device and urging them to download a “solution,” which is, in fact, malware.
• Phishing: Malvertisements that mimic genuine companies or services, attempting to trick you into providing personal information or login details.
• Cryptojacking Scripts: Ads that utilize your device’s resources to mine cryptocurrency without your knowledge.

Why is Malvertising Dangerous?

Malvertising poses a significant threat because it can bypass traditional security measures. Since these malicious ads are hosted on legitimate and trusted websites via ad networks, they can often evade standard web filters and blacklists. Plus, since users trust the websites they visit, they’re more likely to interact with these ads without suspicion.

Protecting Yourself from Malvertising:

• Ad-blockers: Using ad-blockers can prevent many malvertisements from appearing.
• Regularly Update Software: Ensure your browser, plugins, and operating system are up to date, as many malvertisements exploit known vulnerabilities.
• Use Antivirus Software: Good antivirus software can detect and block many malicious downloads.
• Be careful about clicking on ads, especially if they look too good to be true.
• Keep your software updated, including your web browser, operating system, and antivirus software.
• Be careful about what information you enter into online forms.
• Stay Informed: Understanding the threat, as you’re doing now, is half the battle.

If you think you may have clicked on a malicious ad, you should immediately scan your computer for malware. You should also change your passwords for any online accounts that you may have accessed while you were infected with malware.

In summary, while the internet is an incredible resource, it has challenges. Malvertising is challenging, but you can browse safely and confidently with caution and the right tools.

Read more about malvertising at Hacker News and Malwarebytes. In our article, you learn how to detect malware on your machine.

What is Info Stealer Malware?

Info stealer malware is malicious software designed to extract sensitive and valuable information from infected systems. This data can include usernames, passwords, credit card numbers, personal identification numbers (PINs), and other types of private information.

Common targets for info stealers are:

• Web browsers (to capture browsing history and saved credentials)
• Email clients
• FTP clients
• Instant messaging apps
• Cryptocurrency wallets

How Does It Work?

• Delivery: Like other malware, info stealers can be delivered via malicious email attachments, fake software downloads, or compromised websites.
• Infiltration: Once executed, the malware often runs silently in the background without the user’s knowledge.
• Data Harvesting: The malware searches and extracts desired information from specific locations, like browser caches or saved password lists.
• Exfiltration: The collected data is then sent back to a server controlled by the attacker, often encrypted to evade detection.

How to Protect Yourself?

• Regular Updates: Ensure that all your software, especially your operating system and web browsers, are updated regularly. These updates often contain patches for known vulnerabilities.
• Install a Reputable Antivirus and Anti-malware: Invest in a good antivirus solution and schedule regular scans.
• Avoid Suspicious Downloads and Attachments: Be cautious of email attachments from unknown sources and avoid downloading software from unofficial or suspicious websites.
• Use a Firewall: Enable a firewall to monitor incoming and outgoing traffic and block unauthorized access.
• Be Wary of Phishing Attempts: Cybercriminals often use phishing emails to distribute info stealers. Recognize the signs of phishing emails, such as generic greetings, spelling mistakes, and questionable URLs.
• Enable Multi-Factor Authentication (MFA): By using MFA, even if your password is stolen, an attacker would need additional verification to access your account.
• Regular Backups: Always back up your essential data. In case of any malware infection, having a recent backup allows you to restore your system without paying ransom or losing data.
• Educate and Train: If you’re running an organization, invest in cybersecurity training for your employees.
• Use a Password Manager: To protect against some types of info stealers, a password manager can help. These tools generate and store complex passwords, making them harder to steal and crack.

In the ever-evolving cyber threat landscape, info stealer malware is a particularly insidious tool in the hacker’s arsenal. By staying informed and practicing good cybersecurity hygiene, you can significantly reduce the risks of this type of threat.

You should read this article from Malwarebytes on info stealers for more information. Also, our article on how to know if you’ve been infected by malware may help.

Today, the threats we face are not just physical but also virtual. One such threat, which has increased in recent years, is drive-by malware attack. But what is it, and how can you stay protected?

What is a Drive-By Malware Attack?

A drive-by malware attack is a method cybercriminals use to spread malware without the user’s knowledge. It typically occurs when a user visits a compromised website. Unlike phishing attacks, where victims are tricked into downloading malicious files, in drive-by scenarios, merely visiting a website can trigger an automatic malware download onto the user’s device.

These attacks often exploit vulnerabilities in outdated software or browser plugins.

How Drive-By Malware Attacks Work:

1. Compromised Websites: Cybercriminals find and exploit vulnerabilities in websites to insert malicious code.
2. Browser Interaction: When an unsuspecting user visits this compromised site, the malicious code scans their device for software vulnerabilities.
3. Exploitation: If vulnerabilities are found, the site can then download and install malware onto the user’s device without their knowledge or consent.

Protection Against Drive-By Attacks:

1. Keep Software Updated: Regularly update your operating system, browsers, and plugins. Cybercriminals often exploit vulnerabilities in outdated software.
2. Use a Reliable Antivirus: A good antivirus software can detect and block many malware threats, including those from drive-by attacks.
3. Enable Click-to-Play: This feature, available in many browsers, prevents plugins like Flash or Java from running automatically. Instead, they require manual approval, offering an extra layer of protection.
4. Regular Backups: Always back up your data. If malware compromises your system, you can restore it to a previous state.
5. Educate Yourself: Understand the signs of a compromised website. Be wary of sites with excessive pop-ups, unexpected redirects, or other unusual behavior.
6. Use a VPN: Virtual Private Networks (VPNs) encrypt your data, making it harder for cybercriminals to target you.

To summarize, drive-by malware attacks are silent threats that can compromise systems without active downloads or clicks from the user. However, by keeping software updated, using protective tools, and maintaining a vigilant online presence, you can significantly reduce the risks associated with these cyber-attacks. Remember, in cybersecurity, a proactive approach is always better than a reactive one.

You may find our article on detecting malware on your machine helpful as well as this one by Norton.

Malware Cannot Always Remain Hidden, Not Even In Memory.

In contrast to writing to disk, several sophisticated malware strains are built to run solely in system memory. This “in-memory” method is frequently employed to get around typical antivirus and antimalware programs that examine disk data. Malware isn’t necessarily invisible merely because it’s not present on the disk.

Since the virus must be executed to carry out its intended job, it will suck up system resources, leave a trail in system logs, or trigger observable network activity. These dangers can be discovered with the aid of instruments like memory forensics.

Symptoms of a Malware Infection

Even while malware frequently strives to remain undetectable, it frequently leaves some traces behind. The following are some warning indicators that your computer may be infected:

1. Sluggish Performance: Malware can occasionally be blamed for a sudden slowdown in your computer’s performance by utilizing system resources.
2. Unwanted Pop-ups and Advertising: If you see pop-ups and advertising that you didn’t previously see, especially those that urge you to click on dubious links or advertise antivirus software, it could be adware or another type of malware.
3. Unusual Network Activity: Data use spikes or mysterious network traffic may indicate that malware sends or receives data to or from your device.
4. Security software turned off: In an effort to defend themselves, certain malware can turn off your firewall or antivirus program.
5. Unusual Files and Apps: If you discover new files or applications that you didn’t install, this may be a symptom of an infection.
6. Frequent system crashes or the “blue screen of death” can be a sign, albeit they are not just caused by malware.

Getting Rid of a Malware Infection

Here’s what to do if you believe you have a malware infection:

1. Your machine should start up in Safe Mode. This will prevent most viruses from starting by starting your computer with a minimal set of drivers and services.

• Update and Scan: Run a comprehensive system scan and update your antivirus and antimalware software.
• Use Specialized Tools: Some malware is able to bypass traditional antivirus programs. Specialized malware eradication programs can be useful in these situations.
• Backup and Clean Install: You might need to perform a backup of your important information and a clean installation of your operating system if the infection is serious.
• Change Passwords: After eliminating spyware, particularly that intended to steal personal information, change all of your passwords.
• Stay Current: Update your operating system and software frequently. Numerous malware variants take advantage of well-known flaws in out-of-date software.

Malware is a serious threat, but the fact that it must be allowed to function (run) gives us a considerable edge in terms of identification and mitigation. Always be on guard, keep your software up-to-date, and be wary of what you download and open. Your safety online depends on it.

You may find our article on using Netstat to detect rogue connections interesting, read it HERE.
Additionally, here’s what Microsoft says on removing malware.

What are the top ways you’re attacked or hacked online? Here is a short list (10 ways). Many of these attack vectors can be mitigated by being proactive and maintaining a healthy skepticism about unexpected or unfamiliar online requests. Regular education and cybersecurity awareness training can help you stay ahead of any new hacking methods.

• Phishing Attacks
  • Description: Attackers send fraudulent emails or messages that look legitimate to trick users into giving away personal information or login credentials.
  • Prevention: Be skeptical of unsolicited messages. Don’t click on suspicious links or download files from unknown sources. Check the sender’s email for authenticity.
• Weak or Reused Passwords
  • Description: Using easily guessable passwords or the same password across multiple sites.
  • Prevention: Use strong, unique passwords for each account. Consider using a password manager to help keep track.
• Unpatched Software
  • Description: Outdated software can have vulnerabilities that hackers exploit.
  • Prevention: Regularly update all software, including operating systems and applications. Enable auto-updates when possible.
• Malware and Spyware
  • Description: Harmful software designed to infiltrate or damage computer systems without the user’s knowledge.
  • Prevention: Install reputable antivirus and anti-malware tools. Don’t download files from dubious sources.
• Man-in-the-Middle (MitM) Attacks
  • Description: Attackers intercept communication between two parties to steal data.
  • Prevention: Use HTTPS sites. Avoid public Wi-Fi for sensitive tasks or use a VPN when on public networks.
• Unsecured Wi-Fi Networks
  • Description: Using public Wi-Fi can expose your data to attackers.
  • Prevention: Always use secure, password-protected networks. If necessary, use a VPN on public Wi-Fi.
• Social Engineering
  • Description: Manipulating people into giving away confidential information.
  • Prevention: Always verify the identity of individuals requesting sensitive data. Educate yourself and others about common scams.
• Brute Force Attacks
  • Description: Attackers use trial-and-error methods to guess login information.
  • Prevention: Use complex passwords and enable account lockout policies. Implement two-factor authentication (2FA) when possible.
• Drive-by Downloads
  • Description: Unintentional download of malicious software when visiting a compromised website.
  • Prevention: Update browsers regularly. Use security plugins or settings that block suspicious websites.
• Physical Theft or Loss
  • Description: Losing a device or having it stolen can give access to all its data to malicious parties.
  • Prevention: Use strong device passwords. Activate tracking features like “Find My Device.” Encrypt your storage, and always lock devices when not in use.

Need more tips? Read this article with 20 ways to shield your identity online. You may also be interested in how to detect malware on your machine; see this post.