Malvertising, or third-party advertisements that run malicious code when a page is loaded, is especially harmful on social media: links can be posted, shared, and sometimes even go viral without most people knowing that the site they’re sharing is malicious. Recently, a website hosting malvertisements was shared on the popular websites Reddit, Hacker News, Facebook, and Twitter.
Being the social media geeks that we are, we decided to investigate the link to determine whether it was indeed malicious. We sandboxed the link in multiple hardware configurations, environments, and browsers to ensure safety and consistency with our findings. In particular, we visited the link using a Samsung Android phone on a Firefox browser, and the link indeed attempted to root the device and install a rogue app (obviously without our permission).
What’s especially interesting about this particular malicious link is that it was not detected by traditional antivirus methods or even VirusTotal. This means that most users weren’t protected from this particular attack, even if they were running an antivirus program.
How can users protect themselves against these types of threats? We do expect antivirus vendors to begin flagging this type of malvertisement in the near future. Thankfully, the malware didn’t seem to persist if the app was not installed on your device. So, continue to monitor what apps are on your system, and always reject downloading an app you don’t trust. In the meantime, we’ve added the mobile malvertising on social media domain to our platform.