The New Invisible Malware that Threatens Kids Online
February 4, 2016
by Chemi Katz
Publishers specializing in children invest enormous efforts in creating the safest possible browsing environment for their young audience. Publishers don’t only focus on ensuring the content is appropriate and designed for the correct age group, but they also work hard to to create a “closed” and protected environment, free of external content, ads and spyware.
In November 2015, VTech experienced the biggest cyber attack ever targeting children, with 6.4 million children exposed. VTech admitted the breach included names, addresses, IP addresses, email addresses, etc. In addition, as indicated on Wired, 190GB of kids’ photos and chats may have been jeopardized during the attack.
The good news is that VTech identified the attack. The bad news is that this is just the tip of the iceberg; there are numerous ways to access the information, some of which are undetectable by any server-side security shields.
Client-side Injected Malware (CSIM) is a relatively new but rapidly growing type of malware that runs through customers’ devices and browsers. Users are infected by connecting to non-secure wi-fi networks or by downloading free software or browser extensions that appear legit but include malware.
Namogoo estimates that 15%-30% of online user are infected with CSIM. There are over 50,000 types of CSIM, including unauthorized ads, inappropriate content (including sexual content), and various types of spyware designed to collect data for unscrupulous uses.
For publishers targeting children, the impact of CSIM can be devastating. Product and video ads are particularly enticing for children and can lure them away from protected sites. It’s much harder for a child to resist the promise of free illicit images or the urge to click on an ad. CSIM also includes spyware that collects data on the child’s online behavior, passwords, even payment details. CSIM also includes social engineering attacks designed to collect information via fake surveys and forms that look legit but send the data to unauthorized parties.
The most frightening thing about these attacks is they are undetectable by traditional server-side cyber monitoring tools and are increasingly targeting the most vulnerable online users.
The bottom-line is simple. 15%-30% of users experience the website very differently that how it was designed. It requires publishers to re-think the way they protect their digital assets and their audience, specifically when it involves children. Namogoo works with publishers worldwide to protect their online brand and create a safe browsing experience for customers, whatever their age.