Online advertising attacks shatter trust in the "supply chain"
Complete and blind trust in third-party vendors or service providers can put online users at risk. Cybercriminals used infected online ads to inject the BEDEP malware, which automatically downloads itself when the ads are displayed. Lenovo® indirectly allowed man-in-the-middle (MitM) attacks by packaging Superfish, a visual search technology that exhibits adware behaviors, in their consumer-grade laptops. Meanwhile, mobile attackers disguised the adware “MobiDash” or “MDash” on Google Play™ and used them to display ads that compromise user mobile safety.
These attacks exploit online advertising systems and reveal security gaps in the “supply chain.” This exposes site visitors to threats, and could potentially damage the reputations of web administrators.
How malvertising works
How Online Malvertising Works Diagram