Adware: Malicious Ads and Prevention Methods

Cyberattack
Howard Poston
Nov 13, 2023

Adware, or advertising-supported software, is software designed to deliver ads to users. While these ads can be designed to generate revenue for a developer, the term is frequently used to describe a type of malware that profits an attacker or installs malware on a user’s machine. 

This article explores this darker side of adware and the threat it poses in the digital world. This includes how this type of malware works, major adware campaigns, and best practices for protecting against it.

What is Malicious Adware?

Adware is typically advertising-supported software deployed for revenue generation; however, that is not always the case. Malicious adware can also be deployed as a type of malware that delivers unwanted advertisements to a user. Often, this is in the form of pop-up windows or banner ads across the top of web pages. Adware can also be deployed as part of mobile applications, presenting ads as part of games, productivity apps, and similar tools.

Malicious adware can be used for a few different purposes. One of these is to deliver malware to a user’s device. For example, if a user clicks on a malicious ad, they might be directed to a website that has malware for download. Alternatively, the ad may exploit vulnerabilities in the user’s browser to install malware on their device.

The other main goal of bad adware is to make money for the attacker. Traditionally, advertising platforms make money based on the number of views and clicks that they receive on advertisements. The more views, the higher the potential sales for the merchant, and the more that they pay the advertising platform.

Malicious adware abuses this model by serving unwanted advertisements to users outside of accepted advertising flows. Ads displayed in pop-up windows are likely to be seen as an annoyance by users and closed, providing no benefit to the merchant. The adware may also use dishonest methods to get clicks, such as using automated bots to “view” and click ads or tricking users into clicking them.

What Can Malicious Adware Do?

Adware is named for the fact that it can serve unwanted advertisements. While this is mainly an annoyance to users, adware can also have various malicious functions, including:

  • Data Collection: Traditional advertising platforms — such as social media — are known for monitoring and collecting data on their users to perform targeted advertising. Adware can do the same, tracking user browsing habits and selling this information to third parties.
  • Browser Hijacking: Adware has a presence in a user’s browser and has the ability to change the browser’s settings. This could allow malicious adware to redirect the user’s browsing to phishing sites that deliver malware or serve additional unwanted or malicious ads to the user.
  • Vulnerability Exploitation: While adware typically runs in the browser, it may exploit vulnerabilities to gain access to the system as a whole. If it accomplishes this, it has access to additional sensitive data and may be able to download and install other types of malware on the user’s device.
  • Click Fraud: While adware is primarily designed to display unwanted ads, it can also be used to cheat the system by creating fake clicks on ads using automated bots. This in turn steals money from advertisers — who are getting no benefit from their ads — and can harm the merchants performing the advertising as well.

Adware Products

Adware can also be classified as a potentially unwanted program (PUP), reflecting the fact that it is generally more of an annoyance than a threat. As a result, adware can be installed on a computer in various ways beyond the typical malware infection vectors of phishing, vulnerability exploitation, etc.

Some of the common ways that adware gains access to a user’s system include:

  • Browser Extensions: Browser extensions are programs that run within a browser and provide additional functionality. While some browser extensions are benign or even helpful, shady browser extensions are a common way for adware to gain access to a user’s device and the access it needs to serve ads and collect sensitive data.
  • Freeware Bundling: Freeware commonly comes with PUPs bundled with it. Adware may be included in these bundles, gaining a foothold while pretending to be a benign program or browser extension.
  • Mobile App Adware: Mobile devices aren’t immune to adware. Some cybercriminals bundle adware with games, productivity tools, and other common types of mobile apps to get this functionality on user devices.
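An added example, not part of the original article: a Python check that audits a browser extension's `manifest.json` for the broad permissions and settings overrides that the browser-hijacking and browser-extension items above describe. The permission and key names are standard WebExtension manifest fields; the risk list, function names, and sample manifests are constructed for illustration.

```python
import json

# WebExtension permissions that give an extension the reach adware needs.
RISKY_PERMISSIONS = {
    "<all_urls>": "can read and modify every page",
    "tabs": "can see URLs and titles of open tabs",
    "history": "can read browsing history",
    "webRequest": "can observe network requests",
    "proxy": "can reroute browser traffic",
}
# Manifest keys that let an extension change browser settings.
OVERRIDE_KEYS = {
    ("chrome_settings_overrides", "homepage"): "replaces the homepage",
    ("chrome_settings_overrides", "search_provider"): "replaces the default search engine",
    ("chrome_settings_overrides", "startup_pages"): "replaces startup pages",
    ("chrome_url_overrides", "newtab"): "replaces the new-tab page",
}

def is_broad_host(pattern):
    """True for match patterns covering every site, e.g. *://*/* or https://*/*."""
    return pattern == "<all_urls>" or pattern.split("://", 1)[-1].startswith("*/")

def audit_manifest(manifest_text):
    """Return a sorted list of findings for one extension manifest.json."""
    m = json.loads(manifest_text)
    findings = set()
    # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
    requested = (m.get("permissions", []) + m.get("optional_permissions", [])
                 + m.get("host_permissions", []))
    for p in (x for x in requested if isinstance(x, str)):
        if p in RISKY_PERMISSIONS:
            findings.add(f"permission {p}: {RISKY_PERMISSIONS[p]}")
        elif "://" in p and is_broad_host(p):
            findings.add(f"host pattern {p}: matches every site")
    for (section, key), why in OVERRIDE_KEYS.items():
        if key in m.get(section, {}):
            findings.add(f"{section}.{key}: {why}")
    # Content scripts injected into every site can rewrite pages to insert ads.
    for cs in m.get("content_scripts", []):
        if any(is_broad_host(x) for x in cs.get("matches", [])):
            findings.add("content_scripts: injected into every site")
    return sorted(findings)

# Constructed sample manifests (not from any real extension).
SUSPICIOUS = json.dumps({"manifest_version": 2, "permissions": ["tabs", "history", "*://*/*"],
    "chrome_settings_overrides": {"search_provider": {"name": "Deals Search"}},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]})
BENIGN = json.dumps({"manifest_version": 3, "permissions": ["storage"],
    "host_permissions": ["https://docs.example.com/*"]})
```

A finding is a prompt for review, not a verdict: ad blockers and password managers legitimately request several of these permissions, so weigh the result against what the extension claims to do.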

In general, malicious adware relies on trickery and deception to gain access to users’ devices. A common tactic is a trojan horse, where a download is designed to look desirable but conceals malicious functionality.

In these cases, if something seems too good to be true, it probably is. Free software needs to make money somehow, and malicious advertising is one way to do so.

Recent Examples and Statistics

In general, adware is more of an inconvenience and annoyance than a threat on the level of ransomware or infostealers. However, adware can still be a significant threat and create global inconveniences.

One notable malicious adware campaign was the Fireball malware that first emerged in 2017. This malware was delivered bundled with legitimate software, tricking its way onto user devices. Once there, it performed large-scale data gathering and delivered targeted ads by hijacking browsers, changing settings, and redirecting search results to phishing pages.

Since then, adware has increasingly targeted mobile devices. People are increasingly on their phones, and it is often more difficult to detect or remove adware embedded in an app than malware within a browser.

In June 2022, Bitdefender reported on a large-scale adware campaign targeting Android devices. An estimated 60,000 malicious apps tricked users into installing adware claiming to be modded versions of legitimate apps with unlocked features.

These adware campaigns were designed to serve unwanted ads to users. However, the access and permissions that they gained could also be used to steal sensitive data or deploy other forms of malware, such as ransomware, on infected devices.

Prevention Methods

Adware is commonly seen as an annoyance instead of a real threat. Pop-up windows can be closed, and banner ads can be ignored.

However, adware can also have malicious functionality, stealing data or directing users to phishing pages. Some best practices for preventing malicious adware infections include:

  • User Education and Awareness: Adware typically gains access to a user’s device via trickery or being bundled with freeware. Educating users to recognize this malware and when a deal seems too good to be true can protect them from these adware infections. For example, a free version of paid software is almost always malicious.
  • Antivirus and Antimalware: Adware is just another type of malware, and antivirus and antimalware software can help to identify, quarantine, and eradicate these infections. Some antimalware can also monitor browser activity to detect attempted redirects and other functions of malicious adware. Install antivirus programs on all devices — including mobile ones — and keep them up to date.
  • Browser Security Settings: Many browsers have built-in settings that can block pop-up ads and other annoying or malicious features of adware. For example, popups can be blocked in Firefox under the Privacy & Security tab of the Settings window. It’s also possible to enable more strict security settings on web browsers, which protects against more threats; however, this also may break certain web pages.
  • Perform Regular Software Updates: Malicious adware may exploit vulnerabilities in browsers to gain access to the system as a whole. Applying software updates and patches as soon as they become available reduces the risk that malware will be able to exploit these vulnerabilities.
  • Mobile Device Management (MDM): Adware is increasingly common on mobile devices where advertising can be bundled as part of a mobile application. MDM solutions enable an organization to manage the apps that can be installed on corporate mobile devices. Using these solutions, an organization can prevent users from installing apps that could contain adware or other unwanted functionality.
  • Ad Blockers and Privacy Extensions: While some browser extensions are malicious, others are designed to help protect users and their computers against adware and similar malware. Ad blockers — such as AdBlocker Ultimate — and privacy extensions — such as Privacy Badger — can block pop-up windows, trackers, and other malicious scripts that run in the browser.

Conclusion

Adware is not always what it seems. Usually it is simply an annoying way for companies to market their ads to us; however, adware has another side to it. Adware can be used as malware focused on malicious advertising. By displaying unwanted ads to users, malicious adware can earn revenue and has the potential to install malware on a user’s device. Malicious adware is insidious and often infects devices via trickery, pretending to be legitimate software or being installed as part of a bundle. However, this type of adware is typically designed to steal sensitive and personal data. That’s why it’s important to be aware of the bad adware and practice safe browsing habits. For example, always checking online and reading reviews before downloading and installing “free” software can be an easy way to avoid potential malware infecting your system.

It’s also wise to take steps to protect yourself and your computer against adware and similar malware. Installing an antivirus and keeping programs up to date helps to reduce the malware threat.

Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant.