Large-scale malvertising campaigns have pushed more than a billion malware and spam-laden ads through online advertising networks onto "secure" web browsers. Ad-blocking software fails to stem the tide.
In case you were wondering - yes, you're right: October's official designation still is Cybersecurity Awareness Month. For bystanders, web publishers, and the victims of malicious ads, though, it turned into unofficial "Malvertising Awareness Month" rather quickly.
That's because news broke that cyber criminals had hit major browsers (Chromium/Chrome, Safari, Opera, Edge) with a broadscale malvertising campaign. Dubbed eGobbler by threat hunters, it generated more than a billion malicious advertising ad impressions over the past months.
The Mechanics: How Does Malvertising Work?
The not-so-secret sauce of malvertising campaigns is that they piggyback on legitimate online advertising networks and popular websites to push malware, such as ransomware exploit kits, onto millions of unsuspecting targets at once.
The malicious code then gets downloaded and executed by the web browser on the victim's computer. Game over.