An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it. So not only that online ads are intrusive and can infect devices through malware, they can also be used for spying.

    • dalë@lemm.ee
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      1
      ·
      1 year ago

      Or offload them at the DNS so they dont even get to the device in the first instance.

      • Geek_King@lemmy.world
        link
        fedilink
        English
        arrow-up
        44
        arrow-down
        1
        ·
        1 year ago

        I do so love my Pihole. I forget how many ads are all over websites until I load up some site on a machine outside of my network.

        • BolexForSoup@kbin.social
          link
          fedilink
          arrow-up
          7
          ·
          1 year ago

          I need to get a new modem/router. My arris that came with my fiber internet screws up my ability to remote connect to Plex and it won’t let me set up a pihole.

              • CaptainAniki@lemmy.flight-crew.org
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                1
                ·
                edit-2
                1 year ago

                Yep! That should assign the outside IP to port 1 with all ports to the switch wide open. Then the Nighthawk will be the router and you can assign the PiHole to run DNS/DHCP.

                I’m not 100% on the specifics for Arris stuff but that’s what I think I used to do with an Arris cable modem/router. Some assign port 4, and some can assign any as long as it’s the only one with a cable plugged in.

          • CumBroth@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            7
            ·
            edit-2
            1 year ago

            One thing I like about this particular layer of defense is that it gives you more insight into the activities of the software and operating systems you’re using. The statistics they provide (I use Adguard Home) have proven very useful to me on several occasions .

          • dalë@lemm.ee
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            No solution is perfect but could a DNS based solution with a privacy browser is as good as I can get on mobile devices without not connecting to the internet at all.

  • teft@startrek.website
    link
    fedilink
    English
    arrow-up
    86
    ·
    edit-2
    1 year ago

    and there is currently no defense against it.

    Don’t load ads. There, problem solved.

          • aceshigh@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            1 year ago

            it’s scary for people who don’t understand it. i would never ask my parents to get it because i know that any errors or whatever their computer will get will get blamed on the extension and get blamed on me.

            • Dagrothus@reddthat.com
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              You wouldn’t ask your boomer parents to block ads that will likely get them to install viruses or get scammed? They are easily the demographic that would benefit the most from ublock.

              • PM_Your_Nudes_Please@lemmy.world
                link
                fedilink
                English
                arrow-up
                7
                ·
                edit-2
                1 year ago

                You’ve clearly never had to deal with the “you touched my computer 3 years ago and now it won’t turn on. Why did you break my computer” family members. One of the number one pieces of advice for people just starting in IT is to never work on family members’ computers. Because as soon as you agree to fix something, you’re now the person to blame when something stops working. Because “it worked fine the last time you touched it, and now it’s broken. Clearly I didn’t do anything to break it, so it must have been you” is a scarily common train of thought.

                • CaptainAniki@lemmy.flight-crew.org
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  I am so fucking glad that part of my life is over. I think the last time a family member asked me for advice I spent an hour pontificating on how shit Windows is and to just install Linux and Teamviewer so I wouldn’t have to listen to them drone on and on about nonsense we nerds have been yelling about for two decades.

                  Now whenever something stupid comes up even in a passing conversation I can just say, “I am an engineer. I work on a very small set of problems every day and none of them are related to desktops anymore. Sorry.”

                • Drbreen@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  This and don’t ever tell co-workers your into computers either. They will ask for say, laptop recommdations. So because you like them, you do a little research and send them some links. 6 months later they’ll come back asking for another recommendation because they didn’t buy anything when they last asked! This has happened to me more times than I care to think about. Totally annoys me.

              • CaptainAniki@lemmy.flight-crew.org
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                After my mom almost fell for a few iPhone adverts, I put a piHole on her home network and that solved most issues. I don’t have to teach her how to enable and disable ublock origin when her websites don’t render correctly.

          • Bebo@literature.cafeOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Thing is most people are unaware of the harmful nature of ads and don’t care to do anything to block them.

      • micka190@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        And then 9% out of that remaining 10% just can’t be bothered to install them for some insane reason.

      • MrFlamey@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I think I heard that usage on desktop is something like 1 in 4, which is pretty good. Mobile is another world altogether, since it requires different browsers that support adblocking and then accessing websites through the browser instead of the app for the website, which many users would definitely prefer to use.

  • AnonTwo@kbin.social
    link
    fedilink
    arrow-up
    51
    ·
    1 year ago

    Are we back in 1995? This should be common knowledge.

    Blocking ads to avoid their malware was the #1 reason to have adblocker.

    • newIdentity@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      37
      ·
      1 year ago

      Actually it’s not really a problem anymore. Browsers have become probably the most secure softwares on your computer.

      0days for browsers are crazy expensive. Unless you’re targeted by state actors you have nothing to worry about.

          • Thann@lemmy.ml
            link
            fedilink
            English
            arrow-up
            12
            ·
            1 year ago

            There’s a 0day in chrome rn that let’s a picture take over your comp

            • newIdentity@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              8
              ·
              edit-2
              1 year ago

              Then you would now that it’s a state Trojan just like Pegasus and that exactly such a 0 day that is being sold for large amounts of money.

              Edit: actually it doesn’t, but Insanet is a company that sells state Trojans.

              • mihnt@kbin.social
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                1 year ago

                And you’re trusting everything an article says about a virus that says there’s no solution?

                What’s to stop a black hat buying this to steal identities?
                What’s to stop one of the coders from leaking it? Or a black hat leaking it?
                What about someone targeting an incorrect target and by doing so it ends up in the hands of someone more nefarious?

                Hackers and black markets do what they want.
                Can’t afford it? Steal it.

                • newIdentity@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  6
                  ·
                  edit-2
                  1 year ago

                  Actually I hope it gets leaked because that would mean it will gets fixed.

                  Also im pretty against state Trojans and such, but as long as it makes money.

                  And what’s stopping someone from leaking it? It’s not particularly illegal to sell exploits and leaking exploits owned by someone is illegal. Also they won’t sell it for free and browser exploits are really expensive. I talking about at least half a million dollars.

                  There is no solution, because nobody except the ones who made it know how it works and its not public.

      • filgas08@lemmy.world
        link
        fedilink
        English
        arrow-up
        16
        ·
        1 year ago

        browsers have become probably the most secure softwares on your computer.

        No, no they did not.

  • plz1@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    1 year ago

    Defense against it

    • uBlock Origin
    • NextDNS (I highly recommend this to everyone because you can easily get it for mobile devices and block ads served over mobile networks)
    • PiHole
    • Plenty of other options

    But if corporate media reported on ways to block ads, it’d eat into their own bottom line, so I can understand their choice to skirt the whole “ads are blockable with some level of effort” conversation.

    I’ve been blocking online ads for nearly the entirety of my multi-decade usage of the internet, to the point where seeing them now is actually quite jarring. The fact that they’re now a prime vector for malware and spyware/capitalist surveillance just one-ups the decision to block them just for the annoyance factor.

  • FluffyPotato@lemm.ee
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    1
    ·
    1 year ago

    Yea, that’s not new. Malware in ads has been around for like a decade. None of the major ad providers have given zero fucks about it so an ad blocker is mandatory and with Google trying to make ad blocking harder to impossible it’s only a matter of time until some major issues with this malware happens.

    • Bebo@literature.cafeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      But now they being used for targeting devices by Spyware! Another reason to hate ads.

    • Bebo@literature.cafeOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Yes! And ublock origin on Firefox. And I use newpipe with sponsor block for youtube. Not seen an ad in ages. Ads are a cybersecurity threat no doubt.

  • Björn Tantau@swg-empire.de
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    edit-2
    1 year ago

    This is using some vulnerability in iOS. I’m an Android and Linux guy, but let’s hope Apple quickly finds the bug and fixes it. And fuck that agency for not alerting Apple and instead profiting from it. And fuck the Israeli government for enabling them.

    Edit: I misread, supposedly this is miraculously able to target every device.

    • Semi-Hemi-Demigod@kbin.social
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Even better: Thanks to ad tracking you can show specific malware to a specific cohort of people. Want to get spyware on every computer in DC? Just sign up for our ad program!

      • fubo@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        This sort of creepitude isn’t even specific to online ads.

        You know postal junk mail? The “direct marketing” companies that enable it will cheerfully sell you a list of the home addresses of people meeting any demographic characteristics you want.

        Do you have reason to want a list of 18-25-year-old gay men in the Boston area, widowed Asians in San Francisco, or military veterans in Oklahoma City? With their names, ages, and their home addresses?

        They can sell you one, perfectly legally, and it’s not even that expensive.

    • madsen@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      From the article:

      What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange. Once the ad is served to a web page that the target views, the spyware is secretly installed on the target’s phone or computer.

      If they’re using ads on a web page to install spyware, then they’re most definitely exploiting vulnerabilities—unless they’re showing the user a ‘do you want to install XYZ?’, in which case this isn’t newsworthy at all. Ads aren’t some magical thing that can just go around installing shit silently, so I don’t know wtf the article is going on about, but it doesn’t make sense.

      Edit: The Register seems to have a more sensible take on it: https://www.theregister.com/2023/09/16/insanet_spyware/

    • gregorum@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Apple released an update day before yesterday, and another today.

  • Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    And still websites are pissed that I block ads. Websites, the adblocker is not there to annoy you, it is there to protect me from your foolishness and lazyness when it comes to weed out bad actors.

  • sebinspace@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Unity also purchased a company last year that was notorious for turning a blind eye to malvertisers