GeoEdge Researchers Uncover Malicious Auto-Redirect Ads in Programmatic VPAID Video inserted in Sandboxed iFrames

This newly discovered re-direct attack marks the continued escalation of malware attacks like steganography and WebRTC which go undetected via traditional blacklisting, the most frequently used method to block malicious ads

This is the result of abuse of sandboxed iFrames which were developed to provide safe communications between the publisher’s content and the advertiser

NEW YORK, Sept. 20, 2019 (GLOBE NEWSWIRE) -- For serving video ads, marketers and agencies have embraced the VPAID (Video Player Ad-serving Interface Definition) ad format which enables interactivity (like geo-targeting ads and enabling clicking through for more info) and better ad tracking metrics like clicks, ad viewability, and completion rates.

The challenge of VPAID has been the latency on apps, OTT and the mobile web.

Add to this a new challenge: Malvertising.

Security researchers at ad security and verification provider GeoEdge uncovered a new form of auto-redirect malvertising which is hidden in the code of programmatically served VPAID video ads within the sandboxed iFrames distributed via global media platform Teads.

Auto-redirects are those annoying ads which redirect our phone screen or browser to a warning about a fake virus or another scam, an app we didn’t ask for, a prize we’ll get for just clicking or a scam for phishing personal data.

The challenge in discovering these malicious auto-redirect ads is the fact that the tag for redirecting the ad is hidden or encoded in the sandboxed cross-origin iFrame, making it impossible for them to be found via blacklisting, the most common way for blocking malicious ads. In these cases, the GeoEdge research team had to decode the specific tag in order to uncover the malicious auto-redirect ads. With programmatic advertising involving many different players, the task of decoding each tag as it passes through the programmatic chain is daunting.

Sandboxed iFrames were developed to insert an ad’s content into a container, creating a barrier which “sandboxes” the ad, providing secure communications between the advertiser and publisher while reducing the likelihood for bugs, interferences or data leaks.

But what secures the advertiser, now also provides security for malicious advertisers.

The technology is supposed to offer consumers greater protection while providing publishers with greater ad control, more efficient, standardized and bug-free ad serving and greater data security, and to facilitate a better and easier-to-implement experience for marketers and agencies.

Sandboxed iFrames provide a dedicated space for the ad network/exchange to insert the encoded ad code within an iFrame (Inline Frame) on the publisher’s web page/app. Thanks to this technology protocol, the Iframe could present ads coded using JavaScript without exposing any user or other data.

But in this case, the IFrame or cross-origin frame also enables malvertisers to serve malicious auto-redirect ads which were delivered encoded within the IFrame.

“In the last year, we’ve seen an escalation in the sophistication of malvertising attacks, including steganography, where malicious ads are hidden inside an image, and WebRTC malvertising attacks occurring via ads served through programmatic exchanges, predominantly through header bidding,” said Adi Zlotkin, Security Research Team Leader, GeoEdge. “This escalation is forcing publishers and marketers to go beyond blacklisting in order to fight malicious advertisers and offer users, marketers, and agencies a safe and malware-free experience.”

The last year has also seen an increase in malicious ads served via video, which were unheard of until two years ago. “Though malicious video ads are still below one percent of all malware, we’re expecting that number to increase significantly in the coming years,” added GeoEdge’s Security Research Team Leader Adi Zlotkin.

Eighteen months ago, GeoEdge research forecast that auto-redirect ads will cause publishers and marketers $1.13 Billion in damages in 2018, which was accurate. By 2020, GeoEdge predicts that auto-redirect malicious ads will cause publishers and advertisers $1.3 Billion in damages.

GeoEdge enables the supply side of the digital ad ecosystem to focus on publishing, instead of worrying about malvertising attacks. The company handles malicious and unsafe advertising so that publishers, app developers, and other supply-side clients can focus on optimizing their advertiser campaigns and provide better and more effective relations with their clients in the time saved. GeoEdge enabled clients to find a 90-95% reduction in complaints through the elimination of offensive and malicious ads, and gain full transparency and visibility of their entire ad inventory, beyond the blocked malicious ads, facilitating improved management of each partner’s brand safety needs.

About GeoEdge
GeoEdge is the premier provider of ad security and verification solutions for online and mobile advertising ecosystems. The company ensures high ad quality and verifies that sites and apps offer a clean, safe and engaging user experience. GeoEdge guards against non-compliance, malware, inappropriate content, data leakage and operational and performance issues.‎ Leading publishers, ad platforms, exchanges, and networks rely on GeoEdge’s automated ad protection solutions to ‎monitor and protect their ad inventory. The company was founded in 2010 by a team that has over two decades of hands-on technical and on-line media experience.

Contact info:
Uriah Av-Ron
PR for GeoEdge   
Tel: (646) 755-6120