Online Ads Can Infect Your Device with Spyware
scientificamerican.com
An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it. So not only that online ads are intrusive and can infect devices through malware, they can also be used for spying.
An adblocker in this day and time is must for internet usage.
Or offload them at the DNS so they dont even get to the device in the first instance.
I do so love my Pihole. I forget how many ads are all over websites until I load up some site on a machine outside of my network.
I need to get a new modem/router. My arris that came with my fiber internet screws up my ability to remote connect to Plex and it won't let me set up a pihole.
dns-based solutions don't get them all.
Probably worth having multiple layers of defense
One thing I like about this particular layer of defense is that it gives you more insight into the activities of the software and operating systems you're using. The statistics they provide (I use Adguard Home) have proven very useful to me on several occasions .
No solution is perfect but could a DNS based solution with a privacy browser is as good as I can get on mobile devices without not connecting to the internet at all.
I use(and recommend) both for the best user experience.UBlock origin's element zapper feature has changed my life.
Don't load ads. There, problem solved.
I swear 90% of the world not aware of adblocker.
And then 9% out of that remaining 10% just can't be bothered to install them for some insane reason.
"I don't mind the ads..."
"WHY THE FUCK NOT, ARE YOU EVEN HUMAN?"
Exactly! Can't understand how do so many people tolerate ads.
I think I heard that usage on desktop is something like 1 in 4, which is pretty good. Mobile is another world altogether, since it requires different browsers that support adblocking and then accessing websites through the browser instead of the app for the website, which many users would definitely prefer to use.
There is no defense?
Imagine a world without Adblocker, haha!
There is no defence they will tell you about. No ADs for you means less money for them
“We did nothing, and are all out of ideas.”
Are we back in 1995? This should be common knowledge.
Blocking ads to avoid their malware was the #1 reason to have adblocker.
Actually it's not really a problem anymore. Browsers have become probably the most secure softwares on your computer.
0days for browsers are crazy expensive. Unless you're targeted by state actors you have nothing to worry about.
Did you really just say this in a topic about this actual thing happening?
I know, but have you read the article?
There's a 0day in chrome rn that let's a picture take over your comp
And there always will be, but for normal people living in a democracy, that's not a problem since it's a state trojan
I didn't realize democracies were malware-proof.
This is literally about a Trojan that is only sold to governments.
I don't like it and it definitely can be abused, but it's not as bad as in Mexico
And we all know that democracies never do anything bad like buy trojans. That is impossible. Look at the great democracy that is America. America has never done a single bad thing since 1776.
America already has full access to your phone. They don't need a Trojan for that
Also have you even read the second paragraph of my comment since that's exactly what I said
What paragraph? This is what I responded to:
It's still a problem whether it's a democracy or not.
You replied to my wrong comment and basically said what I said in the comment you replied to.
I just don't think it's that huge of a deal since they had these exploits before. It's just now that everyone knows about it. Pegasus and Preditor are their competitors and governments use them for years.
That's not really a good thing, but it's also not like everyone is going to be affected by it like it would be the case if this is public.
I'm democratically free of viruses, baby 😎 ✌️
As long as you aren't a state target
Sure did.
Then you would now that it's a state Trojan just like Pegasus and that exactly such a 0 day that is being sold for large amounts of money.
Edit: actually it doesn't, but Insanet is a company that sells state Trojans.
And you're trusting everything an article says about a virus that says there's no solution?
What's to stop a black hat buying this to steal identities?
What's to stop one of the coders from leaking it? Or a black hat leaking it?
What about someone targeting an incorrect target and by doing so it ends up in the hands of someone more nefarious?
Hackers and black markets do what they want.
Can't afford it? Steal it.
Actually I hope it gets leaked because that would mean it will gets fixed.
Also im pretty against state Trojans and such, but as long as it makes money.
And what's stopping someone from leaking it? It's not particularly illegal to sell exploits and leaking exploits owned by someone is illegal. Also they won't sell it for free and browser exploits are really expensive. I talking about at least half a million dollars.
There is no solution, because nobody except the ones who made it know how it works and its not public.
No ads. No trojan.
That doesn't fix the issue in the browser
No, no they did not.
The FBI recommends using an ad blocker for precisely this reason.
And then companies like YouTube force you to unblock them.
What? YouTube can't force me to do shit.
They have blocked users in the past from seeing any videos until their adblocker it removed
You still have the option of closing the tab and moving on with life, or digging in to see if there's another way around it.
Closing the tab and moving on with life is what I do when a Twitter login prompt or paywall appears. I've often thought it would be better for me to unblock ads, at least on timewasting sites like Youtube, just so that I get pissed off by the ads and close the tab, making it easier to stop wasting time.
I had been watching youtube on my phone using ublock origin on Firefox, but since youtube started this shit I have shifted permanently to newpipe.
Defense against it
But if corporate media reported on ways to block ads, it'd eat into their own bottom line, so I can understand their choice to skirt the whole "ads are blockable with some level of effort" conversation.
I've been blocking online ads for nearly the entirety of my multi-decade usage of the internet, to the point where seeing them now is actually quite jarring. The fact that they're now a prime vector for malware and spyware/capitalist surveillance just one-ups the decision to block them just for the annoyance factor.
Yea, that's not new. Malware in ads has been around for like a decade. None of the major ad providers have given zero fucks about it so an ad blocker is mandatory and with Google trying to make ad blocking harder to impossible it's only a matter of time until some major issues with this malware happens.
But now they being used for targeting devices by Spyware! Another reason to hate ads.
AdGuard DNS for android :)
Yes! And ublock origin on Firefox. And I use newpipe with sponsor block for youtube. Not seen an ad in ages. Ads are a cybersecurity threat no doubt.
For YouTube, I use ReVanced Extended, it has Sponsor Block, Return Dislikes Back and an Ad Block. (Btw it's a fork of a fork)
Honestly, setting up revanced seems a little too much work to me. So I use newpipe which I find much easier to set up.
Did you trying using the default patches?
Fact is, I am lazy. Reading the long list of things to do to patch the app and to keep it updated put me off so I didn't try.
People read the list???
Yes, I read the instructions for patching the app.
Oh, I thought the patches list
This is using some vulnerability in iOS. I'm an Android and Linux guy, but let's hope Apple quickly finds the bug and fixes it.And fuck that agency for not alerting Apple and instead profiting from it. And fuck the Israeli government for enabling them.Edit: I misread, supposedly this is miraculously able to target every device.
Even better: Thanks to ad tracking you can show specific malware to a specific cohort of people. Want to get spyware on every computer in DC? Just sign up for our ad program!
This sort of creepitude isn't even specific to online ads.
You know postal junk mail? The "direct marketing" companies that enable it will cheerfully sell you a list of the home addresses of people meeting any demographic characteristics you want.
Do you have reason to want a list of 18-25-year-old gay men in the Boston area, widowed Asians in San Francisco, or military veterans in Oklahoma City? With their names, ages, and their home addresses?
They can sell you one, perfectly legally, and it's not even that expensive.
From the article:
If they're using ads on a web page to install spyware, then they're most definitely exploiting vulnerabilities—unless they're showing the user a 'do you want to install XYZ?', in which case this isn't newsworthy at all. Ads aren't some magical thing that can just go around installing shit silently, so I don't know wtf the article is going on about, but it doesn't make sense.
Edit: The Register seems to have a more sensible take on it: https://www.theregister.com/2023/09/16/insanet_spyware/
Apple released an update day before yesterday, and another today.
And still websites are pissed that I block ads. Websites, the adblocker is not there to annoy you, it is there to protect me from your foolishness and lazyness when it comes to weed out bad actors.
And when websites demand I turn off the adblocker, I just close it.
Unity also purchased a company last year that was notorious for turning a blind eye to malvertisers