Advertising networks like Google AdSense, DoubleClick, Bing Ads and many others have a huge reach and that makes them very interesting to anyone trying to spread malware. Many mainstream sites give these networks real estate on their pages. When you visit your favorite site, which serves ads from such a network, in effect this network touches you and your device directly.
Advertising is not the only thing that advertising networks serve to passers-by. Increasingly frequently, those with less-than-honorable intentions are and have been using them to distribute drive-by download malware. All you have to do is visit a website where this ‘advert’ is served and if you have no other protection, you get infected without ever having to do a thing: it downloads automatically, infects you automatically, and you would never have known, all you did was visit a site. It could be a virus, spyware or in a worst case scenario, ransomware.
Once again, Google AdSense is being abused to distribute Android spyware. This isn’t the first time that this is happening and it won’t be the last. It’s just too easy for these networks with their huge reach to be exploited this way. The way this works is that someone buys advertising space through the network and submits something that looks and behaves entirely genuine as an ad. Once approved, the benign ad is switched out for the malware which now is served to a very specific set of people, namely those that the advertiser specified as being the target audience. Surprisingly, one can be remarkably specific in who you want to display your adverts to, as specific as saying “here’s a list of e-mail addresses of the people I want to show this specific ad to”. Google calls this particular form of targeting “Google CustomerMatch”.
This is just another reason why it is unwise to just allow any unvetted code coming from the internet to run on your devices. Especially not if it comes from a source that is known to be used as a distribution vector for malware.
IvyDNS protects from these types of attacks. It not only blocks devices from pulling down anything from advertising networks, it also blocks other known malware-related domains, be they exploits, phishing, hijacked domains, scams or other forms of undesirables. IvyDNS specifically hunts these domains down and makes sure you don’t get in contact with them.