A recent surge in mobile pop-ups, even on reputable sites, has left people more frustrated than ever.
What enables these ad redirects to haunt virtually any browser or app at any time, rather than just the sketchy backwaters in which they used to roam? Third-party ad servers that either don't vet ad submissions properly for the JavaScript components that could cause redirects, or get duped by innocent-looking ads that hide their sketchy code.
An ad hijacking your browser like that isn't technically a hack, in the sense that it doesn't exploit a software vulnerability. Instead, it relies on the attacker's ability to submit and run ads that contain redirecting JavaScript.
"I do think it's new that the ads are so pervasive and are on first-tier publishers," says Anil Dash, CEO of the software engineering firm Fog Creek. "
These things used to be relegated to garbage sites, now it's happening on the New York Times."
This is a problem that affects countless sites, with a fix proving elusive so far.
Publishers are particularly vulnerable, because they often rely on third-party ad networks for revenue. As a result, they can find themselves at the mercy of whatever a given ad network doles out. Even if publishers use only reputable services, those ad networks can themselves get duped. Most ad-blocking services still rely on generating "blacklists" of malicious sites, and it's difficult to keep up with the rapid transformations attackers use to stay ahead.
Train those users!
Source: https://www.wired.com/story/pop-up-mobile-ads-surge-as-sites-scramble-to-stop-them/
