Unprecedented Rise of Malvertising as a Precursor to Ransomware



Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report.

The researchers note that the Royal ransomware group has been using phony ads for TeamViewer to deliver malware as a precursor to its ransomware attacks.

“The use of malicious advertising (malvertising) to spread malware isn’t new, but in 2023 it underwent a resurgence that threatened both businesses and home users,” the report states.

“The surge likely came because of a late (but needed) effort by Microsoft to block macros in documents downloaded from the Internet—one of cybercrime’s most bankable malware delivery techniques. With this malware pathway now removed, cybercriminals innovated elsewhere. Malvertising often uses social engineering techniques to install malware. Cybercriminals create Google Search ads mimicking popular brands, which lead to highly realistic, replica web pages where users are scammed or tricked into downloading malware.”

The malicious ads impersonate legitimate software products that are frequently used by businesses.

“Malvertising that targets home users may mimic popular brands like Amazon, software utilities like PDF converters, or popular subjects such as cryptocurrency investments,” the researchers write.

“Businesses are often targeted with ads for software downloads like Slack, Webex, Zoom, and 1Password. In 2023, criminals also targeted IT staff with fake versions of tools like Advanced IP Scanner. The ads and the websites are highly realistic, and generally far harder to spot than malicious emails. Malvertising also uses sophisticated fingerprinting code that tries to determine if a visitor is a bot, such as the Google Search crawler, or a security researcher, ensuring that only potential victims see the fake pages—which allows them to go undetected for longer.”

Malwarebytes notes that users may be more likely to fall for malvertising attacks than they are for phishing emails.

“For criminals, malvertising has several advantages over malicious email attachments,” the researchers write. “Users are much less aware of it and are rarely trained to spot it. And even if they are, the strictly controlled format of search ads gives users very little to scrutinize. Search ads can also be targeted at specific search terms, geographies, and demographics, ensuring that targets only see campaigns that are likely to appeal to them.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Malwarebytes has the story.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator


