Malware Peekaboo: It’s a Short Road to Become Infected

Chemi Katz
  • Chemi Katz
  • December 21, 2015

Customer Journey Hijacking has been playing “peekaboo” with enterprises in the last couple of years. Some companies are aware of it, especially due to customers complaining about “weird” ads and a faulted customer journey. But for most enterprises client-side injected malware is completely invisible.

The reason is very simple: these unauthorized injected ads are undetectable to server-side security shields. It has nothing to do with companies’ servers or infrastructure. These invasive promotions reside solely on the end-users’ devices, both and mobile.

Users can easily become infected with Customer Journey Hijacking by downloading various kinds of software and browser extensions that may seem legit, but really include hidden malware and spyware. This can be found in everyday browser extensions, plugins, toolbars, and even malvertising – ads that are officially authorized but include malicious components that infect users. Software vulnerabilities include phishing emails and daily-used applications that were temporarily hacked to infect users with malware.

40%-60% of infections are on mobile devices, which have not been able to escape “Malware Peekaboo”. Somewhat like web infections, mobile infections can originate in free mobile apps (all those free flashlight apps need to make money in some way or another), re-packaged apps and even pre-installed apps.

But, even “clean” devices can easily get infected. Hackers often leverage router hijacking to unnoticeably infect desktop and mobile devices. Cellular networks are not free of malware and at times are subject to hacking attacks that can cause users to become infected with malware that will last much longer than the specific hack.

Though infection occurs on the client-side, the users are not protected by anti-viruses, which are not designed to deal with client-side malware injections. So practically, Customer Journey Hijacking easily hides from both client-side protection layers and server-side protection layers.

Despite the fact infections occur on the client-side, the main impact falls directly on businesses and the integrity of their digital assets. Once infected with Customer Journey Hijacking, your visitors will experience your site completely different from the way it was designed. Customer Journey Hijacking injects unwanted ads, disrupting visitors’ experience, taking away their attention and subsequently luring them away. Invisible spyware poses a significant threat to users’ private and sensitive data.

Fortunately, there’s Namogoo. With a simple and quick integration, Namogoo gives your website enterprise-grade protection against Customer Journey Hijacking. Our machine learning algorithms go to work spotting and preventing invasive code injections as they happen. The end result? Everything works just as it should. The only evidence you’ll see is in your Namogoo dashboard where we show you the threats that have been stopped and keep you up to date with all of the information that we’ve gathered.