Malware Explosion Continues
The number of distinct malware incidents continues its upward trajectory, increasing 34% since the beginning of the year. Considering each incident is detected thousands of times during its lifetime, this increase reflects the unhealthy state of today’s digital ecosystem.
Key malware behaviors driving incident trajectory in 2021:
- Redirects: 85% growth. Content consistently redirects to malicious content or auto-redirects users to an app store without any user initiation.
- Suspicious: 48% growth. The campaign exhibits anomalous activity; however, malicious intent is not confirmed. Typically, the domain or content is parked, does not exist, or matches previous patterns or characteristics of known malicious activity.
- Scams: 46% growth. Content phishes users into entering personal information for retargeting and reselling purposes, and/or is frequently related to the selling of products that make false claims.
June Malware Overview
Compared to the previous month, the 8% increase in distinct malicious incidents in June masks the true escalation throughout 2021. Our Digital Security & Operations team is managing more events; many malvertising campaigns rapidly adjust their use of different creative, compromised domains, and/or ad partners to evade detection.
- 2,343 active malicious incidents, on average, managed each day in June. This is a 13% increase over May and a 51% increase since January.
The primary behaviors driving growth in June include:
- Suspicious: 27% growth. Anomalous, but not confirmed malicious, activity is present and our team is keeping a close watch on it. Due to the potential risk, these campaigns should be blocked.
- Cloaking: 14% growth. Hiding its true intentions, this delivery technique only executes malicious activity when specific geo, browser and/or device conditions are met. A common payload method is fake celebrity endorsements delivering Bitcoin content, aka Fizzcore.
- Software Install prompts: 14% growth. Content leads to malicious and unwanted activity in the form of fake software updates that install malicious programs such as toolbars, adware, or other forms of malware onto the user’s device.
Never fear: Confirmed malicious activity was added to our blocklist and also shared with the offending provider to clean up incidents and keep revenue channels open.