CPO Magazine: New Malvertising Attacks Highlight Growing Risk of Ad Fraud


Nicole Lindsey Mar 21, 2019

The next time you’re tempted to click on an online ad, think again. That innocent-looking ad for a reduced price Spring Break vacation might actually be part of a sophisticated malvertising attack. This type of ad fraud is becoming more and more prevalent on the Internet, as cyber criminals come up with new and unique ways to deliver malicious payloads via online ads. The latest malvertising ad fraud technique, highlighted by researchers at Devcon, involves polyglot images used by advanced groups of cyber criminals. And these polyglot images are starting to show up all over the ad fraud space.

How the malvertising ad fraud scheme works

What makes these polyglot images such an effective form of malvertising ad fraud is that they do not require an external script to extract the malicious payload. Instead, a clever coding technique allows the JavaScript interpreter to ignore the actual image data (usually disguised as a run-of-the-mill BMP image) and instead, to execute the file as a valid JavaScript. The decoder script unlocks the hidden malvertising and redirects the unassuming victim to third-party phishing sites controlled by the cyber criminals. Typically, these third-party sites involve promotions like a “Spin the Wheel” game to win a gift card or other reward. In one example shared by Devcon, for example, the promotion was for a $1,000 Walmart gift card.