Adware, when used for legitimate purposes, is software that downloads or displays advertising through redirections, pop-ups, and ad injections and generates revenue for its creators. However, cybercriminals are also using adware as a tool to help increase their revenue stream. They use malicious adware not only to profit from injecting advertising, but also as a first step to facilitate other malware campaigns, such as DNSChanger malware. Malicious adware is delivered through software bundles; publishers create one installer with a legitimate application along with dozens of malicious adware applications.

Bad actors use adware to:

• Inject advertising, which may lead to further infections or exposure to exploit kits
• Change browser and operating system settings to weaken security
• Break antivirus or other security products
• Gain full control of the host, so they can install other malicious software
• Track users by location, identity, services used, and sites commonly visited
• Exfiltrate information such as personal data, credentials, and infrastructure information (for example, a company’s internal sales pages)

High