Criminals are piggy-backing off advertising networks to trick web users into downloading malware, a cybersecurity company claims.

Adobe Flash security issues have allowed hackers to compromise web browsers
Image: Adobe Flash security issues have allowed hackers to compromise web browsers

By Alexander J Martin, Technology Reporer

Hackers are using the web's advertising networks to trick people into downloading malware using fake security updates and Adobe Flash.

Many internet users will be familiar with tech support scams and fake software updates suggesting they download Adobe Flash.

Good anti-virus software from a reputable vendor will catch this malware as well, as one of the benefits of it being so widespread is that it is easy to detect.

Redirection flow. Pic: Confiant
Image: The redirection flow of the advertisements. Pic: Confiant

The largest criminal operation trying to infect people using these advertising networks in 2017 - which bought over a billion ad impressions - has been detailed in a new report by Confiant.

According to the cybersecurity company, a criminal organisation called the Zirconium Group created and operated 28 fake advertising agencies for the purpose of spreading malware.

The group designed ads that automatically redirected users to websites where they could be tricked into downloading malware. Others ran advertisements using Adobe Flash, which is notorious for its security vulnerabilities.

Pic: Confiant
Image: A fake security pop-up on MacOS. Pic: Confiant

The practice is known as "malvertising" (a portmanteau of "malware" and "advertising") and often involves criminals setting up fake advertising agencies to register with web advertising platforms.

Malvertising often exploits the programmatic and automated auction process that sells advertisements in milliseconds while web pages are loading.

Just as advertisers can bid for their advertisements to target specific demographics, hackers can bid for their advertisements to target particular users - such as those potentially running software with vulnerabilities.

A fake security support pop-up. Pic: Confiant
Image: A fake security support pop-up on Windows. Pic: Confiant

Jerome Dangu, Confiant's chief technology officer, said the mechanism Zirconium Group was using to trick people was called "forced redirects".

He explained: "A forced redirect is when a person is surfing the web on a computer or mobile device and through no action of their own gets redirected to a different website. Usually the website they are redirected to is a vehicle for some form of affiliate fraud or malware.

"Although forced redirects require social engineering (tricking users into falling for a scam or infecting their computer), they can durably stay under the radar by avoiding to trigger in situations that may correspond to security investigations."

More from Tech

The team behind the Chrome browser has said that it will block forced redirects in the Chrome 64 release, which is scheduled for release on 23 January.

Mr Dangu believes the release will "fix the hole that largely allows for this illegal business to thrive".

More top stories