A Big (Bad) Moment for Ad Fraud
A lot of the news we've been hearing about ad viewability and ad fraud in the last couple months has been pretty good. Improvements are being made, and even the bad news is really just in our feeds because improvements in transparency have made it discoverable.
That's why this news is a downer. The TLDR version is this: Chrome (and Firefox) have updated their browsers to include a stealth mode where a program (legitimate or virus) can run your browser in the background without you ever knowing seeing any indication it's happening. This could lead to ad fraud in places that have been relatively safe until now, like verified-identity environments like Facebook and Google.
Here's the details.
Bleeping Computer reported that Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics. The stealth browser type of malware I described above used to only be possible if a virus managed to download a relatively large package that's the equivalent of a stand-alone web browser. That was easier for anti-virus programs to catch. Now, all a virus has to do is tap into existing functionality in the browser you already have. Much easier.
The biggest implication here, though, is that the browser you already have has a lot of persistent logins attached to it. So while malware-installed headless browsers could only perform ad fraud by building a cookie-based user profile to become eligible for behaviorally-targeted display ads, there's the potential that a Chrome-based piece of headless browser malware could take advantage of your Facebook and Google logins to perform ad fraud in previously safe environments. And because their relatively safe reputations have allowed Facebook and Google to charge premium prices (equating to higher revenues for publishers), you can bet adware creators are dying for a way to tap into that revenue source.