What is a malvertising attack?
A malvertising attack occurs when a legitimate website you are visiting loads a malicious piece of code embedded in an advertisement. Typically, the attack tries to trick the user into performing an action that the bad actors need in order to gain control of the device.
How do malvertising attacks work?
- Malicious groups craft a convincing ad, inject malicious code, and pay an advertising network to display their new evil ad on websites
- When the evil ad loads on a website, it triggers the malicious code; there is no need to click on the ad
- This executes a Fake Anti-Virus scan pop-up or attempts to install malware
- Pop-ups encourage users to contact these false experts to fix issues by granting them remote access to their computer
What does an attack look like?
While navigating a legitimate website:
- A warning appears alerting you that your device is infected
- A scan appears to run, then tells you to contact Microsoft at a phone number that is not a legitimate Microsoft phone number
What should you not do?
- DON’T PANIC
- Do not make contact on the phone
- Do not click on any of the links or buttons on the pop-up pages to stop or cancel the false scanning activity
What should you do?
- You can use these keyboard shortcuts to close your web browser (Google Chrome, Firefox, Safari, Edge, etc.):
  - On Windows devices: Alt + F4
  - On Mac devices: Command + Q
- Contact AgriLife IT to verify that malicious code has not compromised your web browser or computer system
- Take a look at your Sophos Anti-Virus panel for any Alerts
Why is this getting through to me?
It is extremely difficult to stop this kind of attempt entirely for several reasons:
- Legitimate advertising networks inadvertently publish these evil ads on legitimate websites
- The same ads do not always load on the same websites
- Malicious groups register websites to host their Fake Support/Fake Anti-Virus websites daily
- These sites are only added to blocked lists and taken down when discovered and reported by experts
Fortunately, having a comprehensive Anti-Virus program such as Sophos renders this type of attack more of a nuisance by blocking any malicious activity and malware.
Only the pop-ups urging users to contact the false experts remain.
If you ever have any doubts or suspicions about an ad or pop-up on your computer, please contact AgriLife IT.