Malware Trends: July

Malware distributed through compromised advertising and marketing technology channels (aka “malvertising”) continues to grow, with distinct events increasing 51% since January. With each incident typically affecting thousands of individuals, this escalating malware trend is challenging the best of security defenses.

Key malware behaviors driving malicious activity since January:

  • Redirects: 131% growth. Content is consistently redirecting to malicious content or auto-redirecting users to an app store without any user initiation. In addition, more incidents are being detected and quickly shut down, so they do not affect as many individuals.
  • Scams: 65% growth. Not only are the creatives typically of poor quality and/or design, but extensive analysis also reveals that the companies associated with the landing pages have extensive consumer complaints and poor business ratings. In many instances, similar creative versions drive to different retail domain landing pages so that they appear to be unrelated campaigns.
  • Parked Domains (Suspicious): 107% growth. Primarily driven by parked domains, this content entices users to enter personal information for retargeting and reselling purposes, and/or is frequently related to the selling of products delivering false claims.

As the year has progressed, the composition of the malware threats has changed. Phishing and software install prompts have gradually given way to redirects and suspicious/parked domains.

Figure 1: Changing malware types in 1H-2021

The digital ecosystem witnessed a 17% increase in distinct malicious incidents during the month of July, with our Digital Security & Operations team managing an average of 2,723 distinct events every day. Several celebrity clickbait campaigns (i.e., Fizzcore) propagated in early July and then gradually diminished as The Media Trust worked to shut down the buyer across multiple platforms.

Interesting malware incident: VidLox-3PC

Malvertising and ad fraud often seem like two sides of the same coin. The recent VidLox-3PC (VidLox) campaign shows how the tactics of the former can fuel the latter. This malware inflates impression counts by driving non-human views for dozens of popular mobile apps. Video ad fraud, plain & simple.