Advertising malware not just for Windows anymore, targets ChromeOS and MacOS in increasing numbers

Dave W. Shanahan

Microsoft, Security, Singapore

Apparently, advertising malware is not only hitting Windows users only. As noted in a report by ZDNet, ChromeOS and macOS users are increasing at risk for advertising malware on websites. ZDNet provided advertising malware statistics and data gathered by a cybersecurity firm, Devcon. Between July 11 and November 22, 2019, 61% of users targeted by “malicious ad campaigns designed to redirect the user to malicious sites or to trick the user into downloading a piece of malware” were using Windows.

The obvious reason for this is that Windows holds the largest market share when it comes to computer operating systems, followed by ChromeOS and macOS. According to Devcon, 22% of the malicious ads aimed at attacking ChromeOS users, followed by 10.5% of macOS, 3.2% of iOS users, and 2.1% of Android users. Linux users accounted for the least affected, coming in at a mere 0.3%. Linux systems are largely used to run servers.

Confiant, an ad security firm, released a different report showing that 30% of these malicious ads come directly from advertising supply-side platforms (SSPs). Confiant analyzed more than 120 billion ad impressions from 75 SSPs that were published from July 1 to September 30, 2019, and found that 60% came from three SSPs. Confiant found that “a single SSP can be responsible for almost 30%” of advertising malware.

Unfortunate;y, Confiant did not name any SSPs specifically as it is hard to pinpoint if the SSP was responsible for the advertising malware or if an SSP vulnerability was exploited by an advertising malware entity.