The Silent Cyber Threat: Malvertising's Impact on Millions

SEO Poisoning and Malicious digital advertisements are making online scams more common. Researchers are naming it as “malvertising” and scammers are using it for investment scams. Malwarebytes report that in 2023, there were 42% month over month cases reported of malvertising in the US, while there was a 41% increase seen in that scamming technique from July 2024 to September 2024. Malwarebytes also reported that scammers are using multiple accounts for malvertising, and most of the accounts (77%) have only been used once by the scammers. Most of the activity for malvertising is reported in Southeast and South Asia, and 90% of the fraud ads are from Vietnam and Pakistan.

Most of the cybercriminals are also offering malvertisements where they distribute malware in ads all over the world. Senior Director of Malwarebytes said that many cybercriminals are placing malware in ads in search results. So when someone searches for something, that can have legitimate results, but some of them can have malware ads too. Scammers can easily target the victims using advertising technology and the internet and as malvertising is growing, this means that scammers are getting good revenue from them.

The areas where malvertising is being used the most is in credit card scams and phishing attacks. They are also distributing malware like ransomware and crypto miners in many advertisements, which then steals information from victims. Big butchering scams and romance scams are also being done through malvertising, as per UNO’s Drug and Crime Report. UNODC said in its report that malvertising is being widely used and publishers as well as internet users are not able to detect it. Every website visitor and viewer is at risk of becoming a victim of malvertising because they are being displayed everywhere. The ads are often disguised as coming from legitimate businesses or sites and when users click on the ads, scammers have an opportunity to scam the users.

Senior Threat Researcher at Sophos, Sean Gallagher, says that Google seems to be aware of these scams but Google says that it takes a lot of time to detect malvertising in ads. Scammers are also adopting some methods that stop Google from flagging and removing the ads. Google blocked more than 5.5 billion ads and 12.7 million advertisers in 2023 and will continue to do so. Brands need to keep themselves safe from malvertising and scammers or else scammers can take advantage of that.