![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
Some software check for updates without requiring the packages to be signed. The ISP could do a HTTP redirect to a fake torrent client update. The program says “Update available”. It downloads a malicious version.
Other ISPs have been caught injecting adverts into their traffic. So there’s ways.
HTTPS would prevent advert injection, assuming you didn’t accept a bad certificate at any point. But if they control your router and infrastructure, they can still redirect you to other pages however they want.