View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 8, 2018

Infosec 101: Adware – what is it and is it actually malicious?

Last up in our Infosec 101 series during the week of Safer Internet Day is adware.

By James Nunns

This series aims to demystify cybersecurity terms that you might have seen cropping up in the media more and more; earlier articles already covered ransomware or spyware.

The slogan for this year’s Safer Internet Day is focused on sharing and connecting with others to build awareness of being more cybersecurity-savvy – both at home and at work. As such, the first step is educating not just yourself but also co-workers, friends, and families.


In a nutshell

Do you want to lose 15 lbs. in 15 days? Click here for the amazing secret!

You’ll never have to eat solid food again!

Looks like you might have a virus. Install this antivirus solution now!

If you see a window pop up on your desktop saying any of these, that’s adware. It’s software that displays unwanted adverts on your computer. It uses different methods to reach the same goal: make the adverts get noticed on your screen, whether you like it or not. And if you’ve ever been on a site and you get redirected to an ad that makes it near impossible for you to click off, chances are that is adware, too.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Jovi Umawing, Malware Analyst at Malwarebytes

Although adware is considered one of the more minor threats, this doesn’t make it any less irritating. It might not be as insidious as ransomware, but clicking on dodgy ads would likely take you to potentially dangerous websites where you can encounter further malware, leaving you more vulnerable to hackers.

To put this threat into perspective, adware makes up nearly half of our consumer threat detections (40%) and is up 132% from last year. This makes it our most detected threat. Similar to ransomware, most of the adware work is being done by a few active adware developers for Windows, macOS, and Android.

Although it’s on the up, the number of makers is dwindling. Why? This is largely due to the tech industry’s aggressive adoption of ad blocking and the widespread consumer installs of ad blocking plug-ins.

The most common type is browser hijackers. This happens when you’re bombarded with advertisements while online, which looks like it’s from the site you’re on but isn’t. These can come in the form of pop-ups, pop-unders, and can even appear embedded in the site itself.

Adware manifests itself in varying ways on different devices. Below are some examples to help illustrate:


Example 1 – Android adware

Over the last few months, there’s been a lot of adware getting into the Google Play Store. Those that are getting through are aggressive, using creative new tactics to obfuscate their true purpose.

For example, it was recently reported that a potential 7.5 million Android users could have fallen victim to it from a fake flashlight app in the Play Store. This aimed to generate ad revenue by constantly showing pop-up ads which forces the user to press on adverts before accessing other apps and functionality.


Example 2 – Mac adware

While the newer operating systems on Mac OS X has cracked down on malware, they do not protect you against most adware. In December last year, we saw the return of OSX.Pirrit a nasty strain of Apple Mac adware that doesn’t just flood infected devices with adverts, but contains “characteristics usually seen in malware”. It also has the ability to obtain root access on the affected machine.

If you want to keep this from slowing down your computer or getting into your system, you’re going to have to take a few precautionary steps.


What can I do to stay safe?

These examples highlight that no device is safe. Yes, that includes Macs. The long-held belief that Macs are untouchable has been proven wrong on several occasions.

It’s worth highlighting that adware and malware are not the same thing. While adware is a form of grayware, it differs from insidious software in that it’s not conducting nasty activities — for instance, holding files for ransom. Because of this, most antivirus programmes don’t bother to detect adware, and if they do, they don’t do a very comprehensive job. AV software might flag adware as a potentially unwanted program (PUP), but it gives the option of removing it to users.

Several steps can be taken to help protect against adware. First, practice safe browsing habits. By this we mean avoiding torrent sites, illegal downloads, and pay close attention to any software that you download. Furthermore, beware of opening applications from unknown sources. Finally, download an anti-malware programme for your device. If you prefer, you can also download and install pop-up blockers in your browsers.

Adware is proliferating, and while it might not be a problem that will destroy your computer or steal your files, it will annoy you immensely. It also seems that new forms of adware are more menacing to the point that they are bordering on the malicious. As such, some security companies flag them as malware. Following the simple steps above will help you attain an adware-free computing experience.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.