One of the web’s most prominent anti-ad-blocking tools has been serving malware toEconomist readers. In a message to subscribers, The Economist warned that anyone who visited the site between 11:52PM and 12:15AM GMT on Halloween night may have been exposed to malware. The malware was served as a result of a breach at Pagefair, a tool used to circumvent ad blockers.
The Economist was one of roughly 500 publishers affected by the breach, and Pagefair estimates 2.3 percent of users on the sites were affected. The malware itself was a modified version of the otherwise legitimate Nanocore remote-access tool, and Nanocore has since undone any resulting infections by disabling the offending account.
While the damage appears to be limited, the attack is a stark reminder of the security implications of advertising on the web. Pagefair was outspoken in the ad-blocking debate, most notably with a report projecting $22 billion in publisher losses from the blockers in 2015. Pagefair’s product offers publishers a way to get around ad-blocking through alternate tracking methods and specific deals with blockers like AdBlock Plus. That system allows publishers to serve ads, but exposes users to the same malvertising attacks that would be possible without an ad-blocker.
While the breach is certainly embarrassing for Pagefair, it’s not clear that the damage is any worse than equivalent breaches suffered regularly by ad servers on the web. One attack from last September served millions of malware-laced ads through Doubleclick servers. The attacks also seem to be on the rise: one study found malvertising attacks tripled between June 2014 and February 2015.