What Is Malvertising?
Estimated Reading Time: 7 minutes
Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you are unlikely to be protected if something goes wrong. Take 2 minutes to learn more
Malvertising is a cyberattack where hackers inject malicious code into legitimate online ads. These infected ads appear on trusted websites and redirect users to unsafe pages, compromising their devices or data. Because the code hides within normal ad networks, malvertising often spreads widely before detection.
How It Works
Online ads pass through complex networks involving publishers, ad exchanges, and content delivery systems. Cybercriminals exploit this web of redirects to secretly insert harmful code. When users view or click such ads, malware can automatically download, allowing attackers to steal data, spy on activities, or hold files for ransom. Some attacks use exploit kits to identify and exploit security weaknesses in the victim’s system.
Malvertising vs. Adware
Though similar, malvertising differs from adware. Adware is software installed on a user’s device—often unknowingly—that floods screens with unwanted ads or tracks browsing data. In contrast, malvertising operates through online ad networks, infecting users before any software installation occurs.
Malvertising vs. Adware: Key Differences
While both malvertising and adware involve malicious ads, their methods and impacts differ. Malvertising injects harmful code into a publisher’s webpage, targeting users who simply visit the infected site. In contrast, adware installs directly onto a user’s device—often bundled with legitimate software—and runs continuously in the background, displaying intrusive ads or tracking user activity.
In short, malvertising spreads through compromised web pages, whereas adware remains active on an infected computer even after the user leaves the site.
How Malvertising Affects Users
Malvertising can harm users even without a single click. Common threats include:
* Drive-by downloads: Malware automatically installs through browser vulnerabilities.
* Forced redirects: Users are sent to malicious sites without consent.
* Unwanted pop-ups and content: Injected scripts display extra ads or malicious material beyond what was intended.
Staying alert, using updated browsers, and enabling ad blockers can help minimize these risks.
Impact on Publishers
For publishers, malvertising can be devastating. Compromised ad networks damage reputation, reduce traffic, and may expose them to legal consequences for user harm. Because ad platforms rely on real-time bidding and dynamic ad delivery from countless advertisers, thoroughly screening every ad is nearly impossible—making prevention and rapid response critical.
Common Techniques for Injecting Malware into Online Ads
1. Malware in Ad Requests:
When a webpage loads an advertisement, the ad exchange retrieves the content from multiple third-party servers. If an attacker gains control over any of these servers, they can embed malicious code into the ad’s delivery process, infecting users as the ad is displayed.
2. Post-Click Malware Injection:
After a user clicks an advertisement, their browser is often redirected through several intermediary URLs before reaching the intended landing page. If a hacker compromises any of these redirect points, they can deploy malware by executing harmful scripts during the redirection sequence.
3. Malicious Ad Creative:
Attackers can conceal harmful code within the ad content itself—such as text, banner, or HTML5 ads. Since HTML5 ads can integrate images and JavaScript, they can easily host hidden scripts. Flash-based ads (.swf) are especially susceptible to such attacks due to their outdated and insecure format.
4. Compromised Tracking Pixels:
Tracking pixels are snippets of code embedded in ads or web pages to collect performance data. Normally, these pixels only transmit analytics information, but if an attacker tampers with the pixel’s delivery route, they can modify it to send a malicious response that infects the user’s browser.
5. Malware Embedded in Video Ads:
Video players typically lack built-in malware protection. Formats like VAST (Video Ad Serving Template) often use third-party tracking pixels, which can be exploited to include harmful code. Some infected videos may even display malicious URLs at the end of playback, tricking viewers into clicking.
6. Malware in Flash-Based Videos:
Flash videos can covertly insert inline frames (iframes) into the host webpage, allowing malware to download silently—without any user interaction. Similarly, pre-roll ad banners loaded before the video starts can also contain malicious code.
7. Compromised Landing Pages:
Even when a user lands on a legitimate website after clicking an ad, they’re not entirely safe. Cybercriminals can inject harmful code into clickable elements on authentic landing pages, making users believe they are interacting with safe content while actually triggering malware infections.
How to Prevent and Protect Against Malvertising
Malvertising—short for malicious advertising—is particularly challenging to detect and stop. Both users and website publishers must take proactive steps to reduce the risk of infection.
Steps Users Can Take to Avoid Malvertising
Defending yourself against malvertising requires a mix of safe browsing habits, regular maintenance, and the use of proper security tools:
1. Keep All Software Up to Date
Ensure your web browser, operating system, and plugins are always running the latest versions. Security patches often address known vulnerabilities that attackers can exploit to distribute malware through ads.
2. Use a Trusted Ad Blocker
Ad-blocking tools help eliminate a large portion of malvertising by preventing suspicious or malicious advertisements from loading on websites in the first place.
3. Disable or Restrict JavaScript and Flash
Since JavaScript and Flash are common delivery methods for malicious payloads, turning them off—or limiting their use—can significantly reduce exposure to threats. However, note that doing so may affect how certain sites function.
4. Avoid Interacting with Pop-Ups
Never click on pop-up ads or suspicious windows. Close them using the browser’s close button or through your system’s task manager to prevent unintended downloads or redirects.
5. Use Reliable Antivirus Protection
Install reputable antivirus software capable of detecting and removing malware. Keep the software regularly updated to ensure it recognizes the latest threats.
6. Enable Click-to-Play for Multimedia Content
Activating click-to-play settings ensures that video or animation content doesn’t run automatically. This adds an extra layer of security by stopping malicious code from executing without your consent.
By maintaining these security practices, both users and publishers can significantly reduce the risk and spread of malvertising, fostering a safer and more secure online environment.
