What is Malvertising? A Complete Guide to Protect from It

Nwachukwu Glory  - Tech Expert
Last updated: July 5, 2023
Read time: 18 minutes Disclosure

Malvertisement is a sophisticated web threat that infects your device while you surf online. Here's all about what is a malvertising attack and how to prevent the threat.

Advertisements, especially intrusive ones, are seldom welcome in public on any media. But online advertisements are not just intrusive but may also spread malware – that is, execute malvertising. What makes malvertising popular among adversaries is the stealthy mode of malware transfer. Often, the users’ devices get malware even without interacting with an ad. Therefore, using robust ad and popup blockers is the key to preventing malvertising. Moreover, users also need to follow safe browsing practices and avoid visiting websites from untrusted sources.

Ads can be frustrating and annoying, especially when they keep distracting you. But have you ever wondered if the ads you see on your web browser are legitimate and safe?

Some of them are disturbing; some look normal, but the irony is there could be malicious codes embedded within ads you see online. Such ads are called advertisements.

Malvertising is a growing trend in the cyber world, and it deploys ads to end-user systems for carrying out cyber attacks. As a result, it can infiltrate your device and cause harm.

Worry no more, though, as this detailed guide will teach you to defend against malvertising attacks. But, to better prevent malvertising, you must understand the basic principles first. So let’s start with them.

Can you get malware from ads?

Yes! You can get malware from ads. The research carried out in 2019 found that hackers imbed malicious codes in one out of every 100 ads with disruptive intent.

Nonetheless, tech giants like Google have been working hard to eliminate intrusive and malicious ads from their platforms.

According to reports, Google removed as many as 100 malicious ads every second in 2017. Of these, 66 million were trick-to-click ads, 79 million redirected people to malicious sites, and 48 million tried to persuade internet users to install a malicious program.

Internet users face multiple threats from malicious ads. The most common malvertising threats and attacks are from ads and auto-redirects. In auto-redirects, an internet user is automatically redirected to a harmful page.

Others include malware ransom attacks, phishing scams, auto file downloads, etc. That is the magnitude of malvertising problems internet users face today. So, you must watch out to protect your information from hackers. Do not take it for granted.

Malvertising explained

Malvertising or malicious advertising is a growing technique that cybercriminals use to carry out malicious internet campaigns. The name comes from the combination of two words, which are malware and advertising.

Offenders would often take over an entire advertising network, and sometimes they pay for display ads. They deploy various kinds of ads to carry out cyberattacks and infect users with malware and spyware.

Some malware ads are so robust that it becomes troublesome to avoid them. Talking about malvertising technology’s complexity today, a user may not even click on the ads for the malware to attack in some instances. That means you can become a victim by visiting a site with a malicious ad.

Cybercriminals often develop these malicious ads and place them on legitimate and illegitimate websites to gain optimum results. Some of the sites where malvertising appears are popular and trusted. Unfortunately, unsuspecting users often load the pages and get infected through the poisoned ads.

What are malvertising attacks used for?

What are Malvertising attacks used for

Cybercriminals develop various forms of malware and use them for many nefarious activities. For example, advertisers may carry out espionage, sabotage, ransom, and fraudulently profit from advertising and e-commerce agencies.

Did you know that malvertisers can buy advertising space on some of the world’s most popular websites? In the past, these unscrupulous ads have found their way into websites such as Spotify, New York Times, the London Stock Exchange, and so on.

As hinted earlier, you can still be a victim whether or not you click on these ads. This strategy is what we know as “Drive-by-Download.” All it takes to be a victim is a mere visit to a website with malicious ads.

Here are the various uses of malvertising in brief detail:

1. Ransomware attacks

Ransomware is a malicious application that encrypts a target device and renders the information unreadable/unusable. Then, the cybercriminal would demand a price or ransom from the victim to restore data.

They will show you how to make payments, and you’ll get a decryption key to your device.

Some cybercriminals sometimes will not send you a decryption key, and your information becomes permanently unreadable even after you’ve paid their demanded money.

Ransomware gets deployed through many ways to gain access to users’ devices today, and Malvertising is among the most efficient methods that get the job done for hackers.

2. Spyware attacks

Spyware can infect your device and monitor your activities for an extended period without your notice. They take note of your screenshots, emails, chats, messages, keystrokes, and ultimately every bit of your data.

After gathering targeted information, the spyware sends it back to the cybercriminal server through the internet. Cybercriminals can use the information to blackmail you, carry out espionage, identity theft, unauthorized fund transfer, etc.

Sometimes they can use spyware to monitor you and deploy more intrusive ads onto your device. Spyware monitors your activities and helps people with malicious intent to deploy intrusive ads on your browser through malvertising. That is why spyware removal should be among your regular system check-up practices.

Have you ever wondered why you started receiving ads for similar products you bought online? Sometimes you would receive endless and annoying ads after searching for a specific product or information online.

Other times you may even receive direct emails and phone calls about products and services you bought or searched for online. Spyware facilitates this whole annoying process.

3. Trojan infections

The name “Trojan” came from the Trojan War. Greek soldiers invaded the city of Troy despite high resistance to winning the war. Eventually, the computing world adopted this word for a powerful malicious program that can invade your device and infiltrate you.

Trojans are one of the most potent and lethal malware today. Malvertisers can deploy Trojans to your system just by making you visit a poisoned link.

Another way hackers and cybercriminals use trojans to gain access to your device is through social engineering. They can use it to spy on your cell phone and other devices once they access your system.

4. Cryptojacking

It is a hacking form where hackers illegally hijack someone’s computer to mine cryptocurrency. Cybercriminals use malvertising to deploy these tools. Cryptojacking uses automated JavaScript codes to carry out its ruthless functions.

In the past, malware was the only way to get infected by clicking on an infected link, downloading a file, or opening an attachment. But over the years, hackers have dramatically improved their codes and techniques.

Today you do not necessarily have to click on a link or open an attachment to be a victim. Instead, all it takes is a malicious ad to appear on your browser, and your computer starts mining cryptocurrency without your knowledge.

5. Hacking by bots

Hackers use automated bots to recruit secondary devices and carry out DDoS attacks. DDoS is an acronym for distributed denial of service, and it is a rising problem worldwide.

Cybercriminals deploy botnets to send heavy traffic to servers, networks, and websites to overwhelm them and ultimately take them offline or do malfunctioning. One way they achieve that is through malvertising.

6. Adware campaigns

Adware generates revenue for a cybercriminal by developing unauthorized traffic and online advertisement. It mainly earns through advertising agencies and eCommerce stores.

They direct ads to an advertising agency or eCommerce store and make money. In some cases, they redirect the user’s traffic and make it seem like it is coming from the cyber-criminal. Like many other computer viruses, adware disguises itself in the form of ads and gets into your system when you visit an infected website.

So, these are some main ways how perpetrators use malvertising. Even large corporations are not safe from these attacks, let alone individuals. These deceiving ads can get into the websites of large corporations, which can result in a bad reputation. These malicious activities have infected big names such as Adobe FlashWordPress, and The Atlantic.

How does malvertising affect web users?

Malvertising is a potent cybersecurity risk that affects every internet user it comes across. When it’s about the end users – you – here’s how it impacts your online security upon clicking or viewing the ad (even when you do not click).

  • Installs adware or other malware on the target device. Such attacks usually exploit browser vulnerabilities.
  • Redirects the user to malicious sites.
  • Barrages users with annoying or malicious ads and pop-ups by executing dangerous scripts.

Impact of Malvertising on web publishers

Malvertising is even more dangerous for web publishers, affecting their credibility among the clients and in the market, apart from inflicting financial losses. Moreover, in large-scale data breaches, publishers even risk suffering legal consequences.

Therefore, for publishers, preventing malvertising is crucial, not only for their own security but also for the safety of their customers. However, detecting malicious ads becomes complicated when they allow dynamic advertising on their sites and lose control over how and which ads the relevant ad networks publish. That’s where the malicious ads sneakily reserve a place on legit websites, ultimately targeting publishers and users.

Malvertising vs. Adware

Malvertisements vs. Adware

Adware and malvertising share a lot of similarities, but they are different.

Malvertising is used to embed malicious codes in adverts. They’re highly manipulative and create an open door for viruses, spyware, and other fraudulent applications to hijack your system.

However, adware constantly runs on a user’s device and affects how web pages function. Few are safe, but some of them are highly intrusive and dangerous.

In summary, malvertising disguises intrusive applications through ads, while malicious adware generates money directly for the cybercriminal by driving traffic.

Malvertising does not make direct money for the cybercriminal. Instead, it creates a loophole for the wrongdoer to make money through blackmail, ransomware, spyware, and other methods.

Hackers use adware to send ads to users, and the advertisement agency pays them for every ad clicked. In some instances, malvertising deploys adware to spread malicious ads to users.

Types of malvertising

Now that you know the essentials of malvertising, let us look at the types.

There are two major malvertising types, and both deploy ads to host malware on your device. But the method of execution differs. They are Click-to-Download and Drive-by-Download malvertising.

1. Click to download

In this malvertising type, the user must click on the ad before it can infect the user’s device. These types of ads masquerade as real ads, and they deceive users into clicking on them.

2. Drive-by download

A drive-by download does not require users to interact with or click on the ad. It automatically infects your system once you visit a website it has been deployed on. Sometimes you can also get infected when it forcefully redirects you to an infected website.

Malvertising examples

By giving you examples, we do not want our readers/you to even Google and land on any malvertising resource. So instead, we will talk about how to spot any malvertising campaign.

You might wonder how to identify the actual adverts from those appearing online. And which ones are potentially harmful? Let us teach you how to identify malvertisements.

Since cybercriminals keep developing sophisticated systems, you cannot decide at a glance if an ad is part of a malvertising campaign or legitimate. However, you can use some strategies and look for alarming signs to avoid clicking on a malvertisement. Below are some signs you need to be aware of:

  • Ads with mediocre designs that suggest a professional graphic designer did not design them.
  • Ads promising celebrity scandals or miraculous cures. (Anything online that sounds too good to be true is likely a lie.)
  • Advertisements with spelling errors.
  • Ads mismatching with your typical/recent browsing behavior or web search history.

Where do internet users encounter malvertising?

You can be exposed to malvertising on an infected website or application on the internet. That includes advertisements on videos, banners, pop-ups, web applications, and so much more.

Sometimes the website displays ads directly, and on another day, it may be third parties or ad networks. (An ad network connects advertisers and websites and deploys various ads based on users’ searches and preferences.)

Arguably, you can encounter malvertising on any website.

But you would likely see them on gambling portals, pornography sites, document-sharing websites, etc. Therefore, it is imperative to avoid such websites because they are heavy malware carriers.

How do attackers get their ads onto websites and apps?

How do spammers get their ads onto websites and apps

Hackers and cybercriminals deploy malvertising on the internet in three distinctive ways. Below we cover them all:

1. Compromising ad network

It is an efficient technique used by hackers to infect devices with malvertising.

Cybercriminals take over a network, compromising the network and spreading malicious ads on the internet through a hijacked network. This method helps wrongdoers compromise and use even legitimate websites for their interests.

2. Buying ad space

Attackers would usually buy ad space on websites with malicious intent. They pay advertisers and website owners to deploy ads that infiltrate users’ devices without them knowing.

Some website owners and advertisers may not be aware of the malicious intent of the ads. But sometimes, others may not care because they only want to make money.

3. By building an advertising agency

Cybercriminals can build their own ad network and marketing agencies to trick users and carry out attacks. However, this strategy is uncommon because it requires more funds and work.

But, powerful and well-funded cyber criminals have, in the past, formed agencies to carry out attacks.

In 2017, a criminal agency created 28 ad agencies, which they used to deploy about 1 billion malvertising ads known as the Zirconium attacks.

How malvertisers escape detection

Initially, the malvertisers design their advertisement harmlessly. The ad looks legit, with a creative end for user interaction and a legitimate landing page. Then, when the ad successfully passes through a scan, the malvertiser cleverly replaces the initial creative with the one intended for the users. At the same time, the malvertiser also links the actual malicious landing page to the ad, replacing the previously scanned harmless one.

These malicious landing pages are designed in a tricky way to bluff users. They often imitate otherwise legit websites in design and layout. But the pages are seldom intended to provide the offered service. Instead, the attackers aim to target users visiting the web pages with malware or steal sensitive information such as login credentials or credit card details. That’s how the malvertisers carry on successful phishing and malvertising campaigns, escaping any detection and security checks.

How does malvertising succeed in infecting site visitors?

How can malvertisements infect site visitors

Understanding system vulnerabilities is the first step in knowing how to prevent malvertising. Malvertising infects internet users primarily by exploiting vulnerabilities or social engineering. Let’s take a look at the key ways malvertising infects a website’s visitors:

1. Vulnerabilities

Computer malware is known to take advantage of vulnerabilities and loopholes in your system and infect it. Therefore, you should never neglect to update your plug-ins, web browsers, and device operating system.

An outdated system and application create loopholes for hackers to infect your system with malicious programs.

Setting up an auto-update on your system can save your day. The vulnerabilities caused by the following can create loopholes for cybercriminals to take advantage of:

  • Outdated web browsers
  • Outdated operating systems
  • Older versions of web browsers
  • Older versions of plug-ins and extensions
  • Older version of adobe flash

2. Fingerprinting

Cybercriminals will often check for fingerprints on users’ devices to determine if there is any vulnerability. Then, if they detect any, they deploy tools that exploit those vulnerabilities through a series of attacks.

Browser fingerprinting is a technique that cybercriminals (and digital agencies) use to cluster a range of information about a user to identify them on the internet. The data can include system configuration, IP address, device name, operating system, browser version, and more.

3. Social engineering

Social engineering is a technique that cybercriminals use to manipulate people and make them hand over their sensitive information.

While browsing, you may have received a message that your device is infected or will soon crash. That is usually not true but a trick by cybercriminals to make you panic and hand over sensitive information to them.

Once users fall into an attacker’s trap, he then uses the collected information to hack users’ accounts and devices.

The information attackers seek may vary based on their intent, but they mainly trick people into unveiling banking details, passwords, etc. Sometimes they ask you to run other applications on your PC to resolve an issue. Then guess what? Your system will be infected after you run such applications.

Mobile malvertising

A few years ago, only computers were the prime targets for malvertising. But lately, smartphones and tablets have become the main focus of malvertisers.

The reason behind mobile devices becoming a hotspot for malvertising is simple. It is because more people are using mobiles to access the internet today. Also, as per the reports, 60% of people click on mobile advertisements at least once every week. That pretty much tells why malvertisers are shifting their focus onto mobile users.

Recently malvertising has targeted both iPhone and Android users all around the world. Cybercriminals use malvertising to carry out intelligent phishing attacks on mobile devices. Crytojacking is also rising dramatically, where criminals hijack phones to conduct cryptocurrency mining.

And lastly, malvertising campaigns are used to deliver malware payloads on mobile devices. These attacks are carried out through ads that install infected applications on users’ systems.

How do I get rid of malvertising?

The protection guide

However, you can take the following internet security best practices steps as an individual to prevent malvertising:

1. Keep your system and applications up-to-date

An outdated operating system, web browser, plug-in, and storage devices can become a security hazard anytime. If your device is outdated, your system will be more vulnerable to ransomware, spyware, Trojans, and other malicious programs.

Carrying out the regular operating system and browser updates can significantly eliminate vulnerabilities in your device. That way, you can prevent hackers from exploiting device vulnerabilities and deploying programs that can pose security challenges to you.

2. Make a reputable antivirus your friend

3. Use a safe browser

Many web browsers out there lack the robustness to handle malvertising. Most mainstream reputable web browsers cannot protect you against malvertising 100%. But some of them have an adequate security mechanism to help keep you safe to some extent. For example, Mozilla Firefox, Google Chrome, and Microsoft Edge browsers have safety features on newer versions of their web browsers for safer browsing.

That is not the case with other widely-used web browsers.

On top of making your Firefox, Chrome, or Edge more secure, you can also consider trying some security-focused web browsers available today.

Lastly, no matter whichever browser you use, ensure that JavaScript and Flash players are set not to auto-run on your web browser. Your system can be compromised through flash players and scripts; therefore, you must understand their source before playing them (if you need to, you must).

4. Consider using a firewall (or activating your existing one)

Installing an effective firewall can significantly keep you away from malvertising trouble. The firewall should be enabled on personal devices and enterprise devices alike.

The best thing is that you do not need to spend a fortune on a firewall. Today, you can easily find free firewalls that quickly stop malfunctions like redirects, keeping you safe from landing on an unsafe website. Moreover, firewall rules can also be set to manage iframes and other tools that hackers deploy to infiltrate devices.

5. Be cautious all the time

Avoid visiting potentially harmful websites, be careful while downloading files and applications online, and avoid adding unknown plug-ins to your browser.

Unfortunately, many insecure add-ins on the internet can significantly expose you to security threats. So, install extensions developed by reputable organizations and only the ones you need.

Furthermore, you should download files from trusted sites only. Also, get mobile applications only from the official Play Store or Apple Store. You must avoid downloading applications from third-party websites.


Malvertising is a growing trend among cybercriminals, but fortunately, some effective ways to prevent it exist today.

Remember, aside from deploying technological tools such as antivirus and firewalls; you should also surf the web with caution always. Below is a list of quick common-sense reminders for you to keep in mind to stay protected from malvertising:

  • Be cautious of ads, and do not randomly click on suspicious ones. Instead, critically examine them to determine whether they are genuine.
  • Ignore pop-ups telling you that your device is infected with a virus or about to crash, except if the warning comes from your antivirus program.
  • Exercise caution while downloading files and attachments on the internet.
  • Always ensure that your device’s operating system and entire applications are updated.

Please remember one thing: malvertising is an ongoing information security threat.

Since ad revenue powers a significant web portion, cybercriminals will keep working with whatever loose ends they find. That fact and the possibility of injecting malicious codes into ads online have led to malvertising, primarily acting as a starting point in web attack campaigns.

One bitter truth is that users can do little to avoid this arms race. But implementing the cybersecurity and behavioral basics covered above is the best way forward for everyone.

While doing even all that will not make publishers, website visitors, and ad networks shatterproof against malvertising will still make things challenging for the attackers. If you have followed this malvertising protection guide to this end, it is more likely that such malicious campaigns will move on and decide to try their luck on the next (more accessible) targets.

Share this article

About the Author

Nwachukwu Glory

Nwachukwu Glory

Tech Expert
60 Posts

Nwachukwu Glory is a writer, blogger, and tech nerd. She loves trying new gadgets that make life more fun ( and easier). Glory is passionate about digital security and privacy alongside browsing the World Wide Web without any limitations.

More from Nwachukwu


No comments.