Security News

Malvertising in plain sight

Avast Security News Team, 31 July 2018

Security researchers discover malvertising scheme that takes advantage of legitimate online advertising.

An elaborate and sophisticated criminal operation like something out of an Oceans 11 sequel has just been uncovered, and the caper here is mass malvertising. While investigating exploit kits, security researchers stumbled upon an operation where criminal activity abused the legitimate online advertising industry to spread trojans, ransomware, and more.   

The key figure in this malicious campaign is a user known as Master134. This user has hacked over 10,000 WordPress-based websites, stealing their traffic. He or she (or they) then sold this traffic to the legitimate ad network AdsTerra. The ad network, in turn, sold the traffic to resellers, as is industry standard. 

The resellers then proceeded to sell the traffic to the highest-bidding advertisers. In the case of Master134’s stolen traffic, these “advertisers” who outbid the rest were always cybercriminals who then used that traffic to post infected ads. Malvertising is so lucrative that despite paying a high cost for the traffic in the bidding stage, the cybercriminals still turn a profit.

Malvertising has been a tried and true gimmick in the cybercrime world for years. Avast security evangelist Luis Corrons reminds us that it has affected “some of the biggest news sites, such as The New York Times, Huffington Post, Forbes, The Daily Mail, and more. In order to go undetected, some of these attacks just last a few seconds each wave, to make it harder to track the source of the infection. JavaScript Monero miner even got to YouTube through an ad network last January."

As the hacked WordPress traffic has just come to light, the corresponding malvertising campaign is still in full swing, threatening users around the globe. Corrons believes online advertisers should be held accountable for their content. “A content check should be performed by the ad network, on both the advertisements and the landing pages.” He adds that background checks on the publishers and legally binding contracts threatening high fines would help the matter.

Avast recommends:


  1. Protect yourself from this kind of threat with an ad blocker. Not only do ad blockers keep the malvertising at bay, they also help pages load faster and minimize the distraction on your screen. Avast Adblock is a feature included in the free Avast Secure Browser, the only browser built for privacy by security experts.

  2. Always use an antivirus. No matter how malware approaches your system — through malvertising or otherwise — an effective antivirus will see it coming and block it. You can download and install the award-winning Avast Free Antivirus and put all worries about malvertising to rest.