Malicious Ads Embedded in Ad Images Gain Traction According to GeoEdge’s Real-Time Blocking

Nov 16, 2018

With malvertisers always looking for new ways to infiltrate their malicious code, a trend gaining traction in Q4 2018 is steganography – the act of embedding malicious code into an unseen image hidden in an ad’s image.

GeoEdge, the premier provider of ad security and verification solutions for the digital advertising ecosystem, first noticed an increase of incidents of steganography with malicious code inserted into ad images earlier this year through the company’s Real-Time Blocking solution for Publishers. And the number of incidents has been growing exponentially in Q4 2018.

Experian, a multi-billion dollar global information services company had one of their ads innocently targeted with a second image, one that was not visible to the user but hidden inside the ad request which called up the embedded malicious code. Once the ad appears on a user’s desktop or phone, the malicious code is enabled. In this instance, the malicious code was an auto-redirect to a phishing site targeting U.S. users. Other instances uncovered by GeoEdge’s Real-Time Blocking Solution for Publishers found additional malicious campaigns utilizing auto-redirects sending unsuspecting users to malicious websites.

For publishers, beyond the lost dollars in revenue, these redirects to malicious ads cause a bad experience for site visitors who are unsuspectingly taken to sites they didn’t want where they can fall victim to phishing attacks and expose their personal and financial data such as e-mail addresses, credit card numbers, social security numbers and other information.

According to GeoEdge’s research, last year auto-redirect malvertising attacks cost publishers $210 million and marketers $920 million, resulting in a $1.13 billion annual loss for the online advertising ecosystem. That number will be 20-30% higher next year according to the amount of such attacks being seen via GeoEdge’s Real-Time Blocking solution.

Not every security provider monitors and analyzes images for malicious code on a constant basis. This creates an opportunity for the exploitation of a potential vulnerability in the embedded images which, if left undetected, could provide malicious advertisers with a potential windfall.

Related Articles

Update to 250ok's email intelligence platform seeks to solve consumer email design woes through the guidance of real deliverability insight.