Malvertising is a type of cyber attack that plants malicious code into legitimate-looking online advertisements. A vehicle to distribute malware to unsuspecting victims, malvertising is a major problem worldwide and has gained increasing prevalence across the web.

malvertising-definitionA 2019 report found that one in every 100 ad impressions online have malicious and disruptive intent. Similarly, in 2017, Google reported the removal of 100 bad ads per second. Of these malicious advertisements, 79 million were attempting to send people to sites with malware, 66 million were “trick-to-click” ads and 48 million were trying to persuade users to install unwanted software. With so many bad ads out there, it’s important to understand what malvertising is and how to prevent it.

What is Malvertising?

The term “malvertising” comes from a combination of “malware” and “advertising”, and involves exploiting online advertisements to spread malware or redirect users to malicious websites. Cyber attackers embed malware into the online ads of well-known online publications—or even on social media. Trusting these legitimate sites, internet users either load the webpage or click on the ad, which downloads malware onto their device.

How Does Malvertising Work?

Malvertising takes place in the online ecosystem of advertising networks where millions of ads are distributed daily across publisher sites, ad exchanges and ad servers. The complexity and sheer volume of ads involved in this system makes it difficult to thoroughly scrutinize every ad, and there’s no official vetting process in place. Many large websites also use third-party software or vendors to display their ads, and this automated environment leaves ads vulnerable to malvertising.

The typical strategy for malvertisers starts with buying ad space from publishing networks and submitting clean advertisements for a period of time in order to gain legitimacy. After a few weeks, criminals switch their legitimate ads for ones infected with malware, which get circulated across any number of sites a publisher or network is working with.

These deceiving ads can infect a computer with malware in two ways. In some cases, the user doesn’t even need to click the ad. Their device may be infected with malicious code simply by loading the page that has the ad on it. In other cases, the user must click the ad in order to be affected by the malware.

Not only are the users victims of malvertising, but many large websites are also impacted. Big names such as Spotify, WordPress, The New York Times, The Atlantic and Adobe Flash have lost credibility due to malvertising attacks.

Malvertising vs Adware

Malvertising is often confused with ad malware or adware, another type of cyberattack that uses advertising as a cover for malicious software. Malvertising refers to malicious code that’s initially embedded in ads on a publisher’s web page, which only affects the users who view that particular page. Adware, however, is a malicious program running on a user’s computer. Once installed, the program operates continuously in the background and can affect every webpage a user visits.

What Can Malvertising Do to Your Computer?

A common misconception about malvertising is that if you don’t click on an infected ad, you’re safe. Unfortunately, this isn’t the case, and attacks can happen whether you actually click on the ad or not. Depending on the type of malvertising attack, there are a handful of risks it can pose to your personal data and information.

Personal Data Theft

Some cybercriminals use malvertising to plant spyware on your device that directs your personal data into the hacker’s hands. Malicious ads may also force your browser to redirect to spoofed sites that impersonate legitimate ones as a way to trick you into giving up your login credentials or other information. Hackers might use this data to exploit you further or sell the stolen data on the dark web, where other cybercriminals can use it in other identity theft schemes.


Financial Extortion

If an infected ad installs ransomware on your computer, the hacker who planted it may carry out an extortion attempt. Ransomware is a malicious software that locks you out of your own files, so hackers can turn around and demand a ransom payment before they give you access.

Types of Malvertising

There are two main types of malvertising that you should be aware of. Both involve the use of ads to host malware, but their methods of releasing the malware differ.

Drive-by Download

A drive-by download is when a harmful software is downloaded onto a person’s computer without them interacting with the page. By simply loading the webpage, they fall victim to the attack. In the case of malvertising, if a fraudulent ad has infected the page, a user’s device will be infected as soon as they load it.

Click to Download

In a click to download scenario, the user must interact with the ad for it to infect their device. These ads are made to mimic legitimate ones to deceive the person who lands on the page and entice them to click.

Malvertising Examples

One of the reasons malvertising can be so tough to spot is it’s frequently distributed across the major ad networks and online publishers we already trust. In recent years, there have been increasing counts of large, reputable companies who fell victim to malvertising attacks, which results in their users’ and victims’ devices becoming infected with malware.

COVID-19 Attack

In 2020, Internet Explorer users were targeted in a COVID-19-related malvertising attack. Amid the high stress and fear of the pandemic, cybercriminals adjusted their malvertising campaigns to include a fake advisory notice about COVID-19. The attackers hosted their campaign using an exploit kit called Fallout, which targets users using old or outdated versions of Internet Explorer

VeryMal Attack

The VeryMal malvertising attack hit two major ad exchanges that distribute ads across many top publishers, and was targeted specifically at Mac users. It was accomplished by a steganography-based attack (the hiding of data in online content such as images and videos)  that redirected users to a spoofed website that contained Trojan malware disguised as a Flash update.

How to Prevent Malvertising: 3 Strategies

Malvertising is a tricky type of cyberattack that can be difficult to detect and mitigate, but your odds of protection are higher if you know what to look for. Here’s how you can properly prevent a malvertising attack.

1. Use a Strong Antivirus

A trustworthy antivirus program can go a long way in reducing your chances of encountering a malvertising attack. Antivirus is the best first line of defense against an array of online threats that lurk around the web, including malvertising and other forms of malware. With real-time protection against malvertising downloads or installation attempts, this is one of the simplest ways you can safeguard your data and devices.

2. Keep Software Up to Date

Many malvertising attacks rely on exploiting existing software vulnerabilities as an easy path to infect computer systems. When you update your software, you’re ensuring that any security vulnerabilities are taken care of and not left open to hackers. Taking care to keep your software updated is one of the easiest ways to prevent these types of attacks.

3. Install an Ad Blocker

An effective way to stop malvertising in its tracks is to simply install an ad blocker on your computer. Ad blockers stop ads from being displayed on webpages—and you can’t accidentally click on a malware-infected ad if it never appears on your screen. Keep in mind that this won’t prevent every kind of malvertising attack—like a drive-by download attack that doesn’t need any user interaction in order to infect a device—but it will help mitigate some.

As technology continues to advance and the number of internet users grows, cybercriminals will continue to look for vulnerabilities in systems and find ways to exploit unsuspecting victims.

Knowing how malvertising attacks work and the warning signs to look for can help ensure your data stays safe from harm. To keep all of your devices properly protected, consider implementing a cross platform antivirus program to increase your safety and reduce the odds of an attack.