Here’s how I spot fake malware every time

In an ideal world, the ads you see online are genuine and have no malicious intent. Unfortunately, some ads spread malware or steal information.

Fortunately, I’ve seen tons of malware over the years, and this is how I see it every time.

What is malvertising?

Malvertising is a portmanteau of “malware” and “advertising”. At first they sound like ads selling malware to criminals, but they are actually ads that pretend to be legitimate while hiding a dark secret.

The main goal of malicious ads is to infect your computer with a virus and steal your personal information. There are two ways a classified ad can achieve this:

1. Malicious pre-click ads: These are especially nasty because they don’t require your input. As soon as your browser loads, the malware will launch.
2. Malicious click-through ads: These are not activated when your browser loads them. Instead, they trick you into clicking on them, which takes you to a malicious website. This site may try to give you a virus or ask you for your personal information in a phishing attack.

Note that adware is different from adware, which are unwanted applications designed to display advertisements. However, sometimes you’ll see the two working hand-in-hand, with bad actors planting adware on people’s computers to show them malicious ads.

In an ideal world, malicious ads are caught during the ad screening phase and do not reach the website. However, some unmaintained websites that use substandard advertising plans may be serving malicious ads to their users, whether they know it or not.

How does malware appear?

Malvertisements have a long and rich history, and plenty of examples illustrate how they work.

Malicious SYS01 InfoStealer Ads Flooding Facebook

Proof that the biggest sites aren’t “too big” to receive malicious ads was the flood of SYS01 InfoStealer ads targeting Facebook users. This wave promised users free access to popular services and software such as Netflix and Photoshop.

Of course, these were just tricks to get people to click on ads and download SYS01 InfoStealer, which stole victims’ Facebook accounts and used them to spread more malware.

You’d think internet giant Google would be pretty good at spotting malvertis, but even that can slip up sometimes. Sometimes Google puts a few sponsored links in the search result related to what you are looking for, but sometimes those links go a little wrong.

As CNBC reports, cybercriminals insert malicious ads into these sponsored links. Sometimes they pretend to be real websites and sometimes they promise things that seem “too good to be true”. The worst part is that people tend to trust these sponsored ads because they are displayed by Google itself, which people inherently trust without a second thought.

Some sneaky criminals will even create identical search results for legitimate websites and sponsor them so they appear at the top of the list. When people search for this site, a sponsored link will appear at the very top, tricking people into believing they are clicking on a search result for a real site, when in fact they are heading to a malware-filled trap.

Cybercriminals promote malvertising through paid social media posts

“”>

Some social networking sites allow people to “boost” the visibility of their posts by paying an amount. Cybercriminals can use them to boost their malicious advertising and hijack people’s accounts, only to use those accounts to send and promote other malicious advertisements.

Trend Micro reported a case where cybercriminals performed this trick on Facebook posts. They stole accounts using fraudulent customer support messages and used them to boost posts advertising a fake AI photo editor. Once people download and run the fake app, it allows a bad agent to remotely access their computer.

How can I stay safe from malware?

Malware sounds scary on paper. However, they have several weaknesses that make them easier to detect than the actual solution.

Be very careful about “Too good to be true” ads.

You have to remember that advertisers want as many people as possible to click on their bad ads. And because they’re not actually selling the right product, they can get away with ridiculous claims or deals because they don’t have to back it up.

As we saw with SYS01 InfoStealer, scammers advertised free access to Netflix and Photoshop. Claims like these should smack of malicious ads the moment you see them. If an ad seems “too good to be true,” it probably is.

Look for Strange Wording or Grammar

Malvertisements are created quickly and unprofessionally. So if you see an ad that “sounds weird” but claims to be from an official source, there’s a good chance it’s a bad ad.

Look for “unprofessional” graphic design

Similarly, malvertisers will not have a fully paid graphic designer on their team to create graphics for ads. As such, bad ads often “look bad” in some way; maybe they look poorly made or use pixelated assets. Legitimate companies put a lot of time and money into their advertising campaigns, so the more shoddy it looks, the more likely it is bad.

Cross-references with real company

The deal looks good, but not sure if it’s unfair advertising? To double check if this is a real offer, open a new tab and visit the company’s official website or social media.

If the ad claims to be from a trustworthy company, whatever it is advertising should be on their website or posted on their social media. If the ad was from a company you haven’t heard of before, you can check the bad website for red flags and see if it fits your bill.

Be careful what you click

It’s tempting to click on things to get your work done faster, but try to take the time to think about where you’re clicking. Remember Google’s malicious ads trick, where scammers create ads that look like legitimate search results? You can avoid this by not clicking on any results marked as advertising. Instead, scroll down and click on the search result for a legitimate site.

Use a secure browser

“”>

So far, we’ve only covered ways to avoid malicious click-through ads. But what about malicious pre-click ads that run the moment they are loaded? Fortunately, if you choose a good browser, you’ll have a good first line of defense against them.

We’ve ranked the safest browsers available, so check them out if you want to stay safe online. And if you choose Brave, you can also get the best security extension for Brave browser.

With how prevalent online ads are, bad actors are always looking for ways to trick people into downloading something bad. Now you know how to sniff out the harmful ones and surf safely.