Adverts or badverts: The difference, though important, may be difficult to discern

A “badvert” is a false advertisement that has been coded to redirect the user to malicious content. Known as malvertising in the infosecurity community, badverts generate revenue for the attacker by redirecting the user to a page that delivers genuine advertisements, ones that the coders behind the original, legitimate advertisement never intended the user to see. It is also quite common for the page to which the user is redirected to contain malicious software (also known as malware), a term that generally refers to computer viruses or to software that lets someone covertly obtain information about another person’s computer activities by transmitting data from the victim’s hard drive.

One particularly prolific badvertising attacker is eGobbler, which has undertaken several wildly successful badvertising campaigns. The first truly newsworthy badvertising campaign by eGobbler resulted in roughly 500 million legitimate advertisements being compromised on the iPhone in only ten days in April 2019. The attacker, or more likely attackers, found a vulnerability in the Google Chrome application for iOS that allowed them to bypass pop-up blockers and redirect unsuspecting users to the badvert sites. Security researchers later concluded that eGobbler had been behind a campaign that resulted in the corruption of over 1.1 billion advertisements. Security researchers believe that eGobbler may be an organized criminal venture, as the attacker has been able to locate software vulnerabilities specific only to certain applications on certain devices and quickly exploit those vulnerabilities with expert efficiency. Researchers are attempting to run test environments on various devices to spot eGobbler campaigns in the early stages. This is an increasingly difficult task as the attackers have begun exploiting software loopholes that render “sandboxing”[1] measures useless as a defense against badvert campaigns.

How can you protect yourself?

Security research teams constantly monitor applications and devices for potential malvertising threats. Once they discover vulnerabilities, these teams report them to in-house security teams at companies such as Google and Apple. The Google and Apple teams then develop protections against the vulnerabilities and release those protections in patches.[2] Therefore, you should ensure that your operating systems and browsers are completely up to date and have the latest patches released by the development teams. For example, the eGobbler loophole discussed above was corrected in the iOS 13 release on September 19.

[1] Sandboxing refers to a software management strategy that detects potentially malicious code and executes that code behind the scenes without causing harm to the user’s device or network.

[2] A patch is an update to computer software that is designed to fix specific issues with that software.