3 Sneaky Ways Bad Actors Try to Disguise Ad Injectors

ad hijacking virus
Einat Etzioni
  • Einat Etzioni
  • December 19, 2019

Customer Journey Hijacking (CJH) is a widespread problem for today’s eCommerce websites. Unauthorized ad injections occur during between 15% and 25% of online shopping sessions, using adware and WiFi hijacking to display banners, pop-ups, and product ads – many of them designed to look like they’re part of the website the user is visiting. Moreover, they  disproportionately affect the most active consumers, at peak times, on the most promising webpages.

But while all ad injections are intended to redirect prospective customers to other sites, some ad injectors stand out for the lengths they go to in order to remain hidden. In a world in which Customer Hijacking Prevention technology is increasingly sophisticated, these ad injectors are doing their best to avoid getting caught.

To give you a sense of how nefarious and well disguised ad injectors can be, here’s a look at three of the hiding strategies used by the sneakiest of them:

1. Using a shadow DOM

Using a shadow DOM is a specific way of insulating a portion of a webpage from the rest of that page.

To understand the general idea behind this technique, it is helpful to first understand how a typical ad injector works. Specifically, when a typical ad injector determines that it is time to display an injected ad, it will direct the user’s browser to access a designated domain and display an ad from that domain. While this approach is often effective when left alone, technology like Namogoo’s can almost always identify the problematic domain and prevent injected ads from being displayed.

By taking the portion of a website that displays injected ads and hiding it within a shadow DOM, an ad injector makes it more difficult to determine that that website is involved in Customer Journey Hijacking. If this approach to CJH is successful, that website’s domain won’t be flagged, its injected ads won’t be blocked, and it will be able to continue displaying unauthorized ads to online shoppers.

2. Using legitimate-looking domains

A reputation can say a lot when it comes to domains, and the people behind some particularly sophisticated CJH schemes know it. Realizing the value of having a legitimate-seeming URL, these individuals and businesses acquire subdomains hosted by well-regarded services such as Fastly, CloudFront, and Akamai. Then, they use these subdomains to inject unauthorized ads into that user’s browser. This way, the bad actors hope, they can disguise the websites driving their injected ads so that they will not be identified and blocked.

Some of these ad injectors go even further to stay hidden, frequently switching between multiple domains. In some cases, an ad injector will display ads from dozens of different domains – each of which is hosted by a legitimate company – in order to be as difficult as possible to catch.

3. Using no domain

Realizing that Customer Hijacking Prevention solutions block many injected ads by using blacklists of illegitimate domains, many of those who engage in CJH opt to do away with the need for a domain entirely. Instead of injecting adware that provides the user’s browser with a URL from which unauthorized ads can be pulled, these individuals and businesses will pack an entire ad injector into the native code of an illegitimate browser extension.

Then, these bad actors can either entice shoppers into downloading their extensions. This way, an illegitimate browser extension can track a user’s online activities and determine when the time is right to inject an ad. When the time comes, the extension simply relies on its own built-in code to display the injected ad to the user.

How does Namogoo address these hiding strategies?

While each of these three strategies is designed to make it difficult for technology like Namogoo’s to identify and block ad injections, our solution can handle these types of challenges effectively. Despite ad injectors’ best efforts, our platform enables the retailers we work with to cut the sales revenue lost to Customer Journey Hijacking by a full 90%.

In many cases, Namogoo’s effectiveness stems from our process of studying and evaluating the legitimacy of a domain. When our solution encounters an unfamiliar domain, it uses sophisticated machine learning to consider a wide variety of factors and determine whether that domain is part of an ad-injecting scheme. Once our system flags a domain as illegitimate, it prevents that domain from injecting ads in the future.

Importantly, our Customer Hijacking Prevention solution maintains a 0% false-positive rate – meaning that its approach to evaluating unfamiliar domains prevents it from accidentally blacklisting a legitimate domain.

In addition, our solution can identify ad injections through a flexible, rule-based process capable of handling even complex sets of rules. This approach can be particularly effective when confronting an ad injector that relies on a shadow DOM, or an ad-injecting browser extension that doesn’t require the use of an external domain.

The big picture of Customer Journey Hijacking

While the hiding strategies we’ve explored in this post are used by a minority of ad injectors, they represent some of the sneakiest attempts to disguise Customer Journey Hijacking as legitimate activity. More broadly, CJH is a widespread problem affecting eCommerce websites across the board. And when left untouched, it is remarkably effective at making money for unscrupulous affiliate marketers at the expense of legitimate eCommerce websites.

Still, despite the various ways ad injectors try to hide, the intelligent and flexible technology that we at Namogoo use is overwhelmingly able to prevent them from affecting shoppers visiting the online stores that we work with.

Of course, the ultimate test of our technology’s effectiveness is its impact on our clients’ business outcomes. In this regard, the bottom line is clear: Our Customer Hijacking Prevention solution enables our clients to increase their overall online conversion rates by between 2% and 5% – boosting their revenue per visitor by between 5% and 7%.

How is Customer Journey Hijacking impacting your eCommerce sales? To see what ad injectors are up to within your online store, you can get a free website analysis today