GeoEdge Releases Security Report on Native Ad Vulnerabilities

Share Article

This report takes a critical look at the ethics, technology and security implications of native ads on publishers' sites.

News Image
Many publishers are not aware that native ads do not reduce the threats of malvertising," said Amnon Siev, CEO. "The risk is even more acute as users may lower their guard when interacting with these ads.

GeoEdge, the premier ad security and verification company, has released their latest security report, "The Vulnerabilities in Native Advertising." In the report, GeoEdge delves into major issues regarding native ads, from user security and malvertising threats to ambiguity and proper disclosure.

More and more publishers have turned to native advertising in a move to counter sagging CPMs. This format, which typically mimics the form and function of the environment in which it appears, is a powerful tool to drive revenue and improve the user's engagement experience. However, publishers are finding out that native advertising is a controversial and murky business.

In addition to critics' claim that this "disguised advertising" will ultimately hurt the industry, it is the technical implementations of native advertising that will also cause a major impact. This format relies on scripts to handle delivery and targeting, and these introduce a wide range of security risks that need to be addressed. The current malvertising security threats are already severe.

Summary of findings:

  • Post-Click Infection: While native ads have been shown to be low risk for malvertising pre-click, there is a high risk in the post-click, specifically in the landing page.
  • Delivery Path Corruption: As native advertising units are basically scripts created to handle delivery and targeting, it is relatively easy for malware purveyors to insert malicious third-party scripts and codes.
  • Landing Page Hijacking: Cybercriminals employ automated tools to discover third-party landing sites used in native ad campaigns and hijack those pages.
  • Dirty Native Ad Campaigns: Cybercriminals create ad campaigns with clean content and then use content recommendation platforms to buy traffic. Since the content is clean, it passes the vetting process. Once the campaign is successfully running, the cybercriminal activates the malicious code in the landing page to infect the user.
  • Dynamic Landing Pages: Cybercriminals often create target specific attacks. Targeted users are driven and or redirected to a malicious landing page from the native ad, while non-targeted users are shown a clean landing page.

"Native advertising is fast becoming one of the more preferable ways to monetize publishers' inventory. However, many publishers are not aware that native ads do not reduce the threats of malvertising. The risk is even more acute as users may lower their guard when interacting with these ads," said Amnon Siev, CEO. "GeoEdge stands ready to protect publishers and their users from native malvertising."

GeoEdge provides publishers, platforms and networks with full-scale malware protection and ad quality verification for online, mobile, video and native ads.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Eliana Vuijsje
+1 855-436-3343
Email >
Follow >

Visit website