GeoEdge on Twitter
GeoEdge on Linkedin

© Copyright 2016 GeoEdge Ltd.  |  All rights reserved  |  Privacy Policy  |  Terms of Service

GeoEdge on Twitter

Malvertising in Native Ads

August 9, 2017

The popularity of native ads continuous to grow, with increasingly more publishers accepting the well-liked format. In fact, native ad adoption is expected to reach 41% in 2017. But while publishers are aware of the benefits of the ad format – they are less aware of its risks and the high costs associated with bad native ads, especially those containing malware. Here we will dive into what native ads are and look at those risks.


Native Ads 101
So, native advertising – by definition is: “a type of advertising that matches the form and function of the platform upon which it appears”.

In general, it would mean that the user’s experience will be natural, clean, and not intrusive.
Today, there are 6 main units in native advertising - 
•    Social in-stream units
•    Paid search units
•    Recommendation widgets
•    Promoted listings 
•    In-ad units
•    Custom units

Social In-Stream Units
These can be found in Twitter’s Promoted Tweets and Facebook’s Sponsored Posts. They merge seamlessly into the feed and can only be identified by the word “promoted” or “sponsored” next to the ad. 



Paid Search Units
This type of native ad applies to search results, such as the ones that we see on Google, Bing, Yahoo, etc. They are all actually paid advertisements marked as “ads” allowing the user to understand that they are indeed paid Native search units, and not a regular generic search engine result.

Recommendation Widgets
These usually appear at the bottom of a web page, under the heading “From around the web” or “You may also like...”. These ads are usually driven by third-party publishing platforms.  Widgets usually promote a list of related articles – so that the ad (whether image or textual) merges nicely with the regular content of the page.



Promoted Listings

This kind ad can be found on eBay, Amazon, FourSquare, etc, showing promoted product listings on shopping sites.

In-Ad Units
An in-ad is a standard IAB container that holds contextually relevant content and relevant links to an offsite page. These are used today by Federated Media, Martini Media, and more. 

Custom Units
A custom embedded ad located within a product, with specific unique measurements. These could be within a website or app. These are used today by Spotify, Pandora, Hearst, Tumblr and many more. 

Technical Implementation 
Now that we know which units to use & we applied all ethical aspect to our ads, We need to know how the technical implementation works.

There are three main types of Native platforms.

Closed Platforms 
Here brands promote their own content (or branded content) on their own their own websites. The risks here are minor and as in any closed environment, the control is high.

Open Platforms
The content of native ads comes from outside the particular website or app, and is distributed over multiple sites by a third party vendor.  There are many risks with these platforms and having one might create many unknown risks due to the ads or the final landing pages presented to the users.

Hybrid Platforms
The native ad content of the hybrid platform is applied in a programmatic manner, where advertisers can bid on the inventory via Direct Sales or Real Time Bidding.

The following 3 options above shows us that there is indeed a risk when planning to work with Native ads. We will now focus on the Open & Hybrid options – as they have the most high risk issues.


Lack of Publisher Control 
Since publishers relinquish control in Open and Hybrid platforms, these present the highest risk.
•    In these platforms, the ad unit is powered by a script that’s generated to handle all the targeting parameters. The publisher has no control over these parameters, which may affect the ad presented to the user.
•    All of the data that applies to the related content is hosted on servers that belong to the publishing platform’s ad servers.
•    Much of the content that is seen is actually hosted by content recommendation engines, which again does not allow any control by the publisher.
•    With full Real Time Bidding (now entering Native), the Open and Hybrid platforms do not allow any publisher control. 

Despite all these problems, there are still many positive reasons to employ Open and Hybrid platforms: you get ads that are targeted to your users, the RTB and Programmatic methods used enable high revenues for the publisher, etc.  But with all the benefits – the publisher is still releasing control, and this may result in serious risk issues.


Security Threats from Native Ads
Today, most security threats from native ads are post-click (the action/activity taking part right after the user is clicking on the ad).


Let’s review the risks we see today - 
Delivery Path Corruption
With Delivery Path Corruption the click URL, which indicates the redirect that the user will go through, is changed to affect the end point. The user will then see a totally different end location and totally different Landing Page.


Landing Page Hijacking
In Landing Page High-Jacking cyber-criminals use automated tools to discover third party Landing Pages in Native ad campaigns. They then physically infect these Landing Pages with a virus. The users will later visit these infected Landing Pages. 


Manipulated Attacks
The attacker builds a legitimate campaign and presents it to a Content Recommendation Engine. The campaign is checked, reviewed, and approved by the Native platform. It goes live and runs on publisher sites. But after a couple of days, the attacker activates the malicious code, and from that point on, every user is infected.

These infections could be:
•    Phishing attempts
•    Drive-by downloads
•    Trojan horses
•    Ransomware

Targeted Attacks
Similar to a Manipulated Attack, but more sophisticated, is the Targeted Attack. Here, the same method is applied, but the attacker targets only specific users. These users may be specified by IP, geo-location, browser type, or other criteria.

For example, users seeing a specific Native campaign via the Chrome browser in France would have no problems, while users from Canada using Firefox, that saw the exact same campaign, would be targeted based on their geographical location and browser. This is simply a more dynamic way to attack specific users.


GeoEdge and Native Ads

GeoEdge offers comprehensive malware protection for native ads. We scan ads or codes in order to identify any malicious activity in Native Ads – whether they be dynamic security threats or softer threats impacting the user experience.


Speak to us about protecting your sites and users from native ads, and be sure to sign up for our next webinar, "Optimizing Video Ads for Better User Experience." 


Please reload

Please reload

Browse Posts By Tags
Popular Posts
Please reload