Do you ever wonder how legitimate the ads you see online are? Some may look normal, but what if they have malicious code hiding within them? Malvertising, a type of cyber attack that uses advertising to spread malware, has been on the rise and is something you should watch out for.

A 2019 report found that one in every 100 ad impressions online has malicious or disruptive intent. Similarly, in 2017, Google reported removing 100 bad ads per second. Of these, 79 million were attempting to send people to sites with malware, 66 million were “trick-to-click” ads and 48 million were trying to persuade users to install unwanted software. With so many bad ads out there, it’s important to understand what malvertising is and how to prevent it.

What Is Malvertising?

Malvertising is derived from the combination of the words “advertising” and “malware.” As the name suggests, malvertising is a type of Internet advertising in which an ad is used to spread malware. Cyber attackers embed malware into an ad and place it in a well-known publication — even on social media. Internet users trust this site and either load the webpage or click on the ad, causing it to download malware onto their device.

How Does Malvertising Work?

Typically, malvertising occurs when cybercriminals buy ad space on a credible website and display normal-looking ads that have malicious code hidden in them. This can occur because large websites depend on third-party vendors and software to run their ads. These vendors try to weed out the bad ads, but cybercriminals have found loopholes that allow them to display ads containing malicious code.

These deceptive ads can infect a computer with malware in two ways. In some cases, the user doesn’t even need to click the ad: simply loading the page that carries the ad is enough for the code to infect them. In other cases, the user must click the ad in order to be hit by the malware.

Not only are the users victims of malvertising, but these large websites are also impacted. Big names such as Spotify, WordPress, The New York Times, The Atlantic and Adobe Flash have lost credibility due to malvertising attacks.

Malvertising vs. Adware

Malvertising and adware are often confused. While they both use advertising as a cover for malicious software, their methods differ. Malvertising refers to the code that is embedded in a malicious ad that a user may download after visiting a single webpage. Adware is a program that runs constantly on the user’s computer and affects every webpage they visit.

Types of Malvertising

There are two main types of malvertising that you should be aware of. Both involve the use of ads to host malware, but their methods of releasing the malware differ.

Drive-by Download

A drive-by download is when harmful software is downloaded onto a person’s computer without them interacting with the page. By simply loading the webpage, they fall victim to the attack. In the case of malvertising, if a fraudulent ad has infected the page, a user’s device will be infected whenever they load it.

Click to Download

In a click-to-download scenario, the user must interact with the ad for it to infect their device. These ads are made to mimic real ones in order to deceive the person who lands on the page and entice them to click.

How to Protect Against Malvertising

When it comes to malvertising attacks, there are some warning signs. The key is knowing what to look for. To help you learn these signals and avoid falling victim to a scam, we have a few suggested tips and tricks.

  • Does the ad look legitimate? Check to see if the information seems reasonable and accurate.
  • Use an ad blocker to block all advertisements while you’re browsing. This way there won’t be any ads tempting you to click on them.
  • If you’re interested in what the ad is selling, do a separate search for the company or product and find it on their site. The same deal should be offered on their site if it’s legitimate.
  • As a general rule, you should resist clicking on ads, no matter how credible the site seems.
  • To ensure that your device is safe, install antivirus or anti-malware software on your computer. Try Panda Security’s antivirus, which will work to protect you against malware and ransomware.

With the income that advertisements bring to websites, the use of ads and infiltration of malvertising isn’t going anywhere. Knowing what malvertising is and how it can impact you will help you defend yourself against these common cyber attacks and avoid becoming a statistic.

