Two Canadian Researchers from Concordia University in Montreal report that adware behaves like malware and should be classified as such. In a research paper*, the two reviewed Wajam, a software that injects ads into browser traffic and found that it uses techniques employed by malware for browser process injection attacks.
Expert Comments:
Mike Bittner, Associate Director of Digital Security and Operations at The Media Trust:
“Everyone should be concerned about any kind of unwanted ware. While consumers and legislators have put big tech platforms in their crosshairs, they fail to understand the pervasiveness of consumer data collection without consumer consent and the ever more sophisticated techniques being used to avoid detection. This type of data collection is made possible largely by digital third parties, who run code on websites and mobile apps, too often without the knowledge of website and mobile apps owners/operators. This is a problem for the following reasons: (1) these third parties don’t prioritize data security and privacy, (2) these third parties are popular targets for malicious actors, (3) site and app operators don’t know most of their third parties, let alone the vendors these third parties bring to the table, and (4) GDPR and California’s consumer privacy act hold these owners and operators at least partly responsible for the violations of their third parties.
Mike claims, “Any business that treats consumer data as fair game is about to experience a rude awakening in today’s shifting regulatory environment. While in past years, possession of consumer data might have attracted more investment into a company or improved its financial position, regulatory noncompliance and data security are now more important than ever. Whether companies like it or not, open season for consumer data has closed.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.