We are in a time when “fake news” has become a term thrown around so frequently it is now part of our vernacular. In fact, there are quite a few new terms and words borne from the rise of technology in our lives. One of those words is malvertising.
What is malvertising? It’s when attackers are using sites to steal browser data via a malicious campaign that appears legitimate (don’t they always?) and in reality, can potentially download malware onto the computer of the unsuspecting user. It’s done in the background of legitimate advertising campaigns as well, so you always need to be on alert to any and all clicking. Every time you click, consider it as if you are handing over the keys to your computer. You have to be sure that you trust the site.
Is It a Current Issue?
It sure is. Google recently removed 500 extensions from its Chrome browser online store after researchers became aware of attackers using them to steal data. The campaign had been active for a year, dating back to January of 2019. This means that while it has been addressed, it still affected 1.7 million Chrome users who unknowingly downloaded the extensions from the official Google Chrome Web Store.
The extensions were manipulated by hackers to collect user data via the web browser, sending it to servers where they could control it, redirecting users to malicious domains and other landing pages.
While there were similarities in the code for all 500 extensions, linking it possibly to a single crime group, there was a difference in the names of the functions, reducing the likelihood of detection if a change was made. The extensions were advertised as games, weather apps, or map and navigational plug-ins – hitting up a variety of demographics in the user pool.
Are There Trends?
Consistency in increased frequency is the only trend we can definitively say is true when it comes to hacking. And that means that while tactics change, the overall goal to steal data doesn’t go away. Ensuring that updates are maintained is one easy way to know that you have the latest security features in your software, otherwise, being diligent and aware are your next and strongest defenses.