Cybercriminals Can Drop Malware On Your PC Using Video Ads

Visual ads directing users to malicious sites are things of past, cyber-criminals have added a new dimension to this: the video ads.

Video ads are mostly created for selling products or services, but hackers are now using them to direct users towards malicious sites.

This was identified in an attack laid down two weeks back when  3000 sites started showing a video ad in the form of a pop-up which asked the users to update their browser software (if the users followed the ad they could have downloaded the backdoor into his PC). The pop-up window was nicknamed as “Tripbox”.

Even though, each video ad is approved after thorough security checks but still hackers find a way to sneak in.

What was the most significant part of October 29th incident was the unique ad placement on the sites that received a huge traffic each day so a lot of people might have been tricked into believing ad to be a genuine video ad.

Tripbox notification on an Apple desktop / Image Source: TMT
Tripbox notification on an Apple desktop / Image Source: TMT

The incident was reported about two weeks ago by The Media Trust, specialised in developing malvertising detecting tools.

Video ads these days are delivered in Video Ad Serving template (VAST) which is a Javascript-like wrapper. But, it is possible for hackers to play around tracking tag and many other elements, allowing them to hide malicious codes within the template without being notified by security checks.

“It’s cumbersome,” Olson, co-founder and CEO of The Media Trust, said.“It’s pieces of code running inside of a template, which is basically a container of code.”

“The upshot is that it’s that harder to ensure that bad things aren’t lurking within, and that’s not lost on the bad guys”, Olson told the Computer World.

“It means that companies serving video ads and publishers that monetize via video ads need to be paying attention to the video channel just like they would with display advertising or other third-party code that they run on their sites,” Olson said while briefing on precautions for this scam.

But, for most of the time video ads have been an expensive buy for cyber-criminals, which has kept them away from using videos ad for their campaigns. Now with a large number of advertising solutions and rise in competition, prices have dropped down and cyber criminals have sensed video ads as a massive potential for their malware campaigns.

Pushpa Mishra

Pushpa is a Dubai based scientific academic editor who worked for Reuters’ Zawya business magazine and at the same time a passionate writer for HackRead. From the very first day she has been a blessing for team Hackread. Thanks to her dedication and enthusiasm.