According to Devcon researchers, 61% of the malicious ads observed from between July 11 and November 22, 2019 were aimed at Windows users including malicious ad campaigns “designed to redirect the user to malicious sites or to trick the user into downloading a piece of malware.” The research also revealed that malvertising campaigns over the past four months have targeted ChromeOS in surprising numbers https://www.zdnet.com/article/
None of this is very surprising as Windows is the most common OS in the world and therefore, the most commonly targeted. Two things, however, stand out from this report. The first is simply that malware that starts with ads is on the rise. Even with all the built-in security in browsers and the increase in awareness of these attack vectors, end-users are more vulnerable today while browsing the web than ever. The second stand-out is very unexpected – and that is that the second most targeted operating system is ChromeOS. Most people will not even recognize ChromeOS as a target at all for malware. In fact, one of the calling cards of ChromeOS is its superior security over other operating systems. However, ChromeOS is extremely vulnerable to malware via browser extensions that can do potentially even more harm than the aforementioned Windows attack vectors. These extensions can log keystrokes and skim personal information and credit card numbers without the end-user ever knowing it. Ostensibly, anything that you can do in a browser, malware can see and steal.
Another very troubling aspect of this research is that Chromebooks (running on ChromeOS) make up 60% of all laptops and tablets purchased for K-12 schools in the USA. Which means that many of those targeted by these malicious ads and malware will be unsuspecting children who may simply be looking for ways to make their computer better and find themselves with spyware instead.
End-user vigilance is not enough and it requires a concerted effort on the part of many of the largest stakeholders in the world to put an end to ad-based malware.