/ An inside look at the business of digital content
Publishers beware: 3 malware trends for Q4
October 10, 2022 | By Gavin Dunaway, Product Marketing – The Media Trust@MediaTrustGavinAs the days grow shorter and the pumpkin spice overfloweth from lattes, a bitter wind blows through the digital ecosystem, dropping malicious intent into every nick and cranny. Little devils ride the waves of code, seeking to trick and gladly snatch treats away from consumers in the form of stolen credit card info and personal data. All the while, they leave backdoors open on devices so they can return to wreak more havoc.
The fourth quarter can be the most wonderful time of year for publishers’ digital revenue efforts. Unfortunately, it can also be a lucrative moment for digital ghouls, with deal-hunting shoppers falling prey to malevolent code lurking beneath the surface of ecommerce sites.
Conventional wisdom holds that threat actors pull back from clogging the advertising pipes with malware in Q4 as premium publishers book more direct deals and there’s a dearth of cheap inventory. But threat actors are a devious bunch. They have diverse strategies for inflicting maximum harm on online consumers—and some particularly nasty tricks tend to appear during the holiday season.
Publishers play a key role here in keeping audiences safe from digital dangers. They must also help rid their advertisers and demand partners of malware demons.
Advertisers transform into malvertisers
It’s said when the moon is full and red as blood, advertisers large and small howl out in pain as they morph into the most fearsome of digital beasts—malvertisers!
OK, it’s not that dramatic. In fact, a lot of legit advertisers are completely unaware that they are spreading backdoors and phishing through their landing pages. Schemes like MimicManager-3pc lurk in the shadows and are quite hard to detect. It typically enters an advertiser’s site through a corrupted JavaScript library, and doesn’t actually show up in the call chain when it drops a malicious payload (e.g., a redirect with a backdoor).
Caption: The amount of malicious landing pages in the digital ecosystem grew dramatically over summer 2022 as MimicManager proliferated.
As of publication, MimicManager has already infected hundreds of advertiser websites, from local real estate and travel agents to major ecommerce sites. And it’s been compromising three to seven new websites per day ever since, with multiple threat actors using the tool to meet their own malevolent goals: backdoors, phishing, e-skimming, cryptojacking, etc.
Smaller and midsize advertisers are more likely to fall prey to these schemes because their publishing software and plugins are out-of-date. (And, in many cases, that’s because a third-party design firm manages them.) MimicManager is a fearsome threat because it’s quite good at evading detection, and certain variations only fire if the right targeting parameters are met (e.g., mobile browser).
The fast spread of MimicManager is particularly worrisome as the holiday buying season heats up and consumers click on ads left and right. By shutting down ads with compromised landing pages, publishers can protect their audiences. However, they need to take it a step further and share their findings upstream. Advertisers, and their platform partners, must be informed to stop the spread.
Retail hijinks
eMarketer predicts worldwide ecommerce sales will only climb by 9.7% this year compared to the wild growth witnessed during the peak of the pandemic. But that’s still $5.7 trillion, and around 20% of the entire retail market.
No surprise that a lot of scammers want in on that cash. Advertising CPMs might be higher in Q4, but many bogus retailers still use the ad pipes to woo consumers to their shady shops. The amount of scam ads blocked by Media Filter, The Media Trust’s real-time ad quality solution for publishers, doubled between April and September. And the top 10 companies blocked are all fake retail outlets
These scam ecommerce operations sometimes send goods that bear no resemblance to what was purchased and no way for a consumer to seek restitution. Or they’ll flat-out take consumer cash and disappear into the night.
The top four bogus retailers blocked are owned by the same sketchy Chinese company and feature interchangeable merchandise and page layouts. With consumer economic concerns running high this holiday season, deal-hunters will be easy target—unless publishers ensure their scam ads don’t make it in front of their audiences.
E-skimming epidemic
But legit retailers have real problems as well. While e-skimming tends to spread during Q4, the proliferation of credit card and personal-data stealing code has been absolutely stunning in 2022.
The amount of e-skimming has doubled year over year and we’ll likely see massive growth in the next few months across ecommerce platforms. Quite worrisome is the re-emergence of a threat group that dominated e-skimming efforts for much of the twenty-teens.
Don’t get spooked
Publishers are the last line of defense when it comes to protecting consumers from digital threats. For many ad and revenue operations folk, this too often just feels like getting the damn redirects to stop so the executives will quit howling.
But especially in Q4, the threats truly stretch across all the players—and keeping consumers safe means more than just blocking a “high-risk ad platform.” The good news is that audiences will have a higher propensity to click your ads this holiday season. Unfortunately, that also means a higher chance they’ll run into scams, e-skimmers, or other horrors. Making sure the ads on your properties are clear of danger means communicating with platforms and advertisers when you see trouble.
It always seems a bit like Devil’s Night in the digital ad ecosystem. It’s a good thing publishers are a fearless bunch.