WebRTC-based malvertising occurs predominantly through header bidding

Anne Freier

In Mobile Advertising. April 16, 2019

Security researchers have uncovered new malvertising attacks which occurred exclusively via ads served through programmatic exchanges and more specifically header bidding (87%).

Ad security firm GeoEdge, which led the research, found WebRTC-based malvertising attacks using its behavioural analysis technology.

WebRTC is an open source framework for web and mobile apps allowing for real-time communication in browsers and apps. It is distributed through cloud services such as Amazon AWS and Microsoft Azure.

“WebRTC Malvertising highlights the industry’s migration to ad security 2.0 – moving beyond merely blocking offending domains and instead relying on advanced behavioral analysis technology that can uncover difficult to track malicious activities,” said Amnon Siev, GeoEdge’s CEO. “With new strains of WebRTC malvertising and other obfuscated malicious activities being developed, I’m confident that GeoEdge has the team and technology to keep app developers,  publishers,  their users, and marketers safe.”

Although 99% of ads through the cloud are safe, GeoEdge expects the malvertising to cost publishers $325 million in revenue in 2019. Furthermore, it stifles the user experience with users being directed to undesirable ads or content.

WebRTC-based malvertising is difficult to detect with behavioural analysis being the only tool available at present. GeoEdge’s behavioural technology analyses ad serving patterns to notify of suspicious behaviour. This enables GeoEdge to stop problematic ads without blocking all campaigns or exchanges.