Researchers have warned that the Windows 10 users are under immense risk due to the rise of a new security threat. Due to this, many Windows 10 desktop users have lately experienced a number of malicious adverts popping up on their screens as well as apps, including those which are scamming tech support adverts as well as malware.
What makes this even worse is the fact that these malicious adverts are presented in Windows applications that support advertisements, so the OS or ad-blocking software would not be able to prevent them. Till now, these adverts, also known as the “Malvertising Campaign,” have delivered more than 100 million ads like these till June 2019. Moreover, their targets of attack also extend beyond the surface of apps included in Windows 10.
Who Is the Attackers’ Target?
It is confirmed by Confiant engineer Eliya Stein that these attacks also have other sources of delivery rather than just in-app adverts. It has further been pointed out that although the attacker has been leaning more towards Windows and iOS desktops, other desktops and mobile devices are also equally at risk.
Rumours suggest that these advertisements have been generated from some Microsoft Games as well as the Microsoft News application and Outlook. Studies have also shown that these malware advertisers, operating under the name “Fiber-Ads,” have been heavily relying on redirections and processes that do not require any user exchange. They have thus been using such actions to forcefully lead the users to phishing, scamming or malware pages.
How Does This Malvertiser Work?
According to the investigation conducted by Confiant, Fiber-Ads has been operating out of Hong Kong and has partnered with many authorized Demand-Side Platforms (DSP) who act as agents of automatic advertisement placements. These placements farther target potential users for the different ads as they browse the internet on their desktops.
By collaborating with legitimate DSPs, the malicious advert, aka malvertsier, has been getting access to premium users and audiences, who are usually the targets of high value in the malware advertising industry. These malvertisers, in addition, operate across two basic models of business. The first model acts as the owner of the delivery chain. The second acts as an intermediary. In this case, Fiber-Ads has been targeting the latter.
How is Advertising Being Manipulated?
Since Fiber-Ads has been partnering with authorized DSPs, they are gaining access to the inventory of those users who can be easily sourced on the internet and are easy targets of frauds by ad-clicks and phishing emails.
Additionally, DSPs offer an inventory of advertisements that have been put up for sale by website owners or app developers. Therefore, when advertisers actually buy ad placements from these DSPs, they are able to target their desired users while the latter browse different websites.
Therefore, this malvertiser has basically been earning revenue as a middle man as well as by scamming people and generating malware into their desktops.