What is malvertising, and how to protect against it?

Nwachukwu Glory Last updated: June 1, 2022

Ads can be frustrating and annoying, especially when they keep distracting you. But have you ever wondered whether the ads you see in your web browser are legitimate and safe?

Some of them are disturbing and some look normal, but the irony is that there could be malicious code embedded within the ads you see online. Such ads are called malvertisements.

Malvertising is a growing trend in the cyber world. It delivers ads to end users’ systems in order to carry out cyberattacks, and it can infiltrate your device and cause harm.

Worry no more, though, as this detailed guide will teach you how to defend against malvertising attacks. But, to better prevent malvertising, you must understand the basic principles first. Let’s start with them.

Can you actually get malware from ads?

Yes! You can get malware from ads. Research carried out in 2019 found that hackers embed malicious code, with disruptive intent, in one out of every 100 ads.

Nonetheless, tech giants such as Google have been working hard to eliminate intrusive and malicious ads from their platform.

According to reports, Google removed as many as 100 malicious ads every second in 2017. Of these, 66 million were trick-to-click ads, 79 million redirected people to malicious sites, and 48 million tried to persuade internet users to install a malicious program.

Internet users face multiple threats from malicious ads. The most common malvertising threats and attacks are from ads and auto-redirects. In auto-redirects, an internet user is automatically redirected to a harmful page.

Others include ransomware attacks, phishing scams, automatic file downloads, and so on. That is the magnitude of the malvertising problem internet users face today. So, you must watch out to protect your information from hackers. Do not take it for granted.

Malvertising explained

Malvertising or malicious advertising is a growing technique that cybercriminals use to carry out malicious internet campaigns. The name comes from the combination of two words, which are malware and advertising.

Offenders often take over an entire advertising network, and sometimes they pay for display ads. They deploy various kinds of ads to carry out cyberattacks and infect users with malware and spyware.

Some malicious ads are so robust that it becomes troublesome to avoid them. Malvertising technology is now complex enough that, in some instances, a user does not even have to click on the ad for the malware to attack. That means you can become a victim by merely visiting a site that has a malicious ad.

To gain optimum results, cybercriminals often develop these malicious ads and place them on both legitimate and illegitimate websites. Some of the sites where malvertising appears are popular and trusted. Unsuspecting users would often load the pages and then get infected through the poisoned ads.

What are malvertising attacks used for?

Cybercriminals develop various forms of malware and use them for many nefarious activities. Malvertisers carry out espionage, sabotage, and ransom attacks, and fraudulently make money from advertising and eCommerce agencies.

Did you know that malvertisers can even buy advertising space on some of the world’s most popular websites? In the past, these unscrupulous ads have found their way onto websites such as Spotify, the New York Times, the London Stock Exchange, and so on.

As hinted earlier, whether or not you click on these ads, you can still be a victim. This strategy is what we know as “Drive-by-Download.” All it takes to be a victim is a mere visit to the website with malicious ads on it.

Here are the various uses of malvertising in brief detail:


Ransomware is a malicious application that encrypts a target device and renders the information in it unreadable/unusable. Then, the cybercriminal would demand a price or ransom from the victim to restore data.

They would show you how to make the payment, after which you are supposed to get a decryption key for your device.

Sometimes cybercriminals will not send you a decryption key even after you have paid the money they demanded, and your information becomes permanently unreadable.

Ransomware is deployed in many ways to gain access to users’ devices today, and malvertising is among the most efficient methods that get the job done for hackers.


Spyware can infect your device and monitor your activities for a long period without your notice. It takes note of your screenshots, emails, chats, messages, keystrokes, and ultimately every bit of your personal data.

After gathering the targeted information, the spyware sends it back to the cybercriminal’s server through the internet. Cybercriminals can use the information to blackmail you and to carry out espionage, identity theft, unauthorized fund transfers, and so much more.

Spyware that monitors your activities also helps people with malicious intent deploy more intrusive ads in your browser through malvertising. That is why spyware removal should be among your regular system check-up practices.

Have you ever wondered why you start receiving ads of similar products you bought on the internet? Sometimes you would receive endless and annoying ads after searching for a specific product or information online.

Other times you may even receive direct emails and phone calls of products and services you bought or searched for on the internet. Spyware facilitates this whole annoying process.


The name “Trojan” comes from the Trojan War. Greek soldiers invaded the city of Troy despite high resistance to win the war. The computing world has adopted the name for a powerful form of malicious program that can invade your device and infiltrate it.

Trojans are among the most potent and lethal forms of malware in the world today. Malvertisers can deploy Trojans to your system just by making you visit a poisoned link.

Another way hackers and cybercriminals use Trojans to gain access to your device is through social engineering. They can use a Trojan to spy on your cell phone and other devices once they gain access to your system.


Cryptojacking is a form of hacking in which attackers illegally hijack someone’s computer to mine cryptocurrency. Cybercriminals use malvertising to deploy these tools. Cryptojacking uses automated JavaScript code to carry out its ruthless functions.

In the past, the only way to get infected by this malware was by clicking on an infected link, downloading a file, or opening an attachment. But over the years, hackers have dramatically improved their code and techniques.

Today you do not necessarily have to click on a link or open an attachment to be a victim. All it takes is a malicious ad that appears on your browser and your computer starts mining cryptocurrency without your knowledge.


Hackers use automated bots to recruit slave devices and carry out DDoS attacks. DDoS is an acronym for distributed denial of service, and it is a rising problem worldwide.

Cybercriminals deploy botnets to send heavy traffic to servers, networks, and websites to overwhelm them and ultimately take them offline or make them malfunction. One way they achieve that is through malvertising.


Adware generates revenue for a cybercriminal by generating unauthorized traffic and online advertisements. Adware mostly earns through advertising agencies and eCommerce stores.

They primarily direct ads to an advertising agency or eCommerce store and make money. In some cases, they redirect the user’s traffic and make it seem like the traffic is coming from the cyber-criminal. Like many other computer viruses, adware disguises itself in the form of ads and gets into your system when you visit an infected website.

So, these are some prominent ways perpetrators use malvertising. It is not only individuals who are at risk; even large corporations are not safe from these attacks. These deceptive ads can get onto the websites of large corporations, which can damage their reputation. Big names such as Adobe Flash, WordPress, and The Atlantic have all been infected by these malicious activities.

Malvertising vs. Adware

Adware and malvertising share a lot of similarities, but they are different.

Malvertising is used to embed malicious code in adverts. Such adverts are highly manipulative and create an open door for viruses, spyware, and other fraudulent applications to hijack your system.

Adware, however, constantly runs on a user’s device and affects how web pages function. A few are safe, but some of them are highly intrusive and dangerous.

In summary, malvertising disguises intrusive applications through ads while malicious adware generates money directly for the cybercriminal by driving traffic.

Malvertising does not make direct money for the cybercriminal. Rather, it creates a loophole for the wrongdoer to make money through blackmail, ransomware, spyware, and a range of other methods.

Hackers use Adware to send ads to a user, and the advertisement agency pays them for every ad the user clicks on. In some instances, malvertising deploys adware to spread malicious ads to users.

Types of malvertising

Now that you know the essentials about malvertising, let us take a look at the types of malvertising.

There are two major types of malvertising, and both of them deploy ads to host malware on your device. But the method of execution differs. They are Click-to-Download and Drive-by-Download malvertising.

Click-to-download

In this type of malvertising, the user has to click on the ad before it can infect the user’s device. These types of ads masquerade as real ads, and they deceive users into clicking on them. 

Drive-by download

A drive-by download does not require the user to interact with the ad or click on it. It automatically infects your system once you visit a website it has been deployed on. Sometimes you can also get infected when it forcefully redirects you to an infected website.
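
For site owners and analysts, the no-click behaviour described above can be checked in captured ad markup. The following Python script is an added example, not part of the original article: it flags automatic redirects and hidden or unsandboxed third-party iframes in one ad slot. The heuristics, the names AdMarkupAuditor and audit_ad_markup, the host names, and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample (not real traffic): markup captured from one ad slot.
SAMPLE_AD_MARKUP = """
<div class="ad-slot">
  <a href="https://shop.example/sale"><img src="https://cdn.shop.example/b.png"></a>
  <meta http-equiv="refresh" content="0; url=https://landing.invalid/update">
  <iframe src="https://tracker.invalid/frame" width="0" height="0"></iframe>
  <iframe src="https://publisher.example/widget" width="300" height="250"></iframe>
  <script>window.location.href = "https://landing.invalid/prize";</script>
</div>
"""

# Script statements that navigate the page without a click (heuristic, not exhaustive).
REDIRECT_JS = re.compile(
    r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(")


class AdMarkupAuditor(HTMLParser):
    """Records markup that acts on page load, with no user interaction."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (kind, detail) tuples
        self._in_script = False

    def _third_party(self, url):
        host = urlparse(url).hostname or ""
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        return bool(host) and not same_site

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh-redirect", a.get("content", "")))
        elif tag == "iframe" and self._third_party(a.get("src", "")):
            style = a.get("style", "").replace(" ", "").lower()
            hidden = ("hidden" in a or "display:none" in style
                      or a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
            if hidden:
                self.findings.append(("hidden-third-party-iframe", a["src"]))
            elif "sandbox" not in a:
                self.findings.append(("unsandboxed-third-party-iframe", a["src"]))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and REDIRECT_JS.search(data):
            self.findings.append(("script-redirect", data.strip()[:80]))


def audit_ad_markup(html, page_host):
    """Return findings for one captured ad slot served on page_host."""
    auditor = AdMarkupAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Calling audit_ad_markup(SAMPLE_AD_MARKUP, "publisher.example") reports the meta refresh, the zero-size third-party iframe, and the script redirect, while the ordinary banner link and the publisher's own iframe produce no finding.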

Malvertising examples

We do not want to give examples that could lead you to Google and land on a malvertising resource. So instead, we will talk about how you can spot a malvertising campaign.

You might be wondering: how can I identify which of the adverts I see online are real, and which ones are potentially harmful? Let us teach you how to identify malvertisements.

Since cybercriminals keep developing sophisticated systems, you cannot decide at a glance if an ad is part of a malvertising campaign or legitimate. However, you can use some strategies and look for alarming signs to not end up clicking on a malvertisement. Below are some signs you need to be aware of:

  • Ads that have a mediocre design, suggesting they were not designed by a professional graphic designer.
  • Ads promising celebrity scandals or miraculous cures. (Anything online that sounds too good to be true is more likely a lie.)
  • Advertisements with spelling errors.
  • Ads that do not match your typical/recent browsing behavior or web search history.

Where do internet users encounter malvertising?

You can be exposed to malvertising on an infected website or application on the internet. This includes advertisements on videos, banners, pop-ups, web applications, and so much more.

Sometimes the website displays ads directly; at other times the ads come from third parties or ad networks. (An ad network connects advertisers and websites and deploys various kinds of ads based on users’ searches and preferences.)

Arguably, you can encounter malvertising on any website.

But you would more likely come in contact with them on gambling portals, pornography sites, document sharing websites, etc. It is imperative to avoid such websites because they are heavy malware carriers. 

How do attackers get their ads onto websites and apps?

Hackers and cybercriminals deploy malvertising on the internet in three distinct ways. Below we cover them all:

Compromising an ad network

This is an efficient technique used by hackers to infect devices with malvertising.

Cybercriminals take over an ad network and spread malicious ads across the internet through the hijacked network. This is the method that lets wrongdoers compromise even legitimate websites and use them for their own interests.

Buying ad space

Attackers usually buy ad space on websites with malicious intent. They pay advertisers and website owners to deploy ads that infiltrate users’ devices without them knowing.

Some of the website owners and advertisers may not be aware of the malicious intent of the ads. But sometimes, others may not care because they simply want to make money.

By building an advertisement agency

Cybercriminals can build their very own ad networks and marketing agencies to deceive users and carry out attacks. This strategy is not common because it requires more funds and work.

However, powerful and well-funded cyber criminals have, in the past, formed agencies to carry out attacks.

In 2017, a criminal agency created 28 ad agencies, which it used to deploy about 1 billion malvertising ads in what is known as the Zirconium attacks.

How does malvertising succeed in infecting site visitors?

Understanding system vulnerabilities is the first step in knowing how to prevent malvertising. Malvertising infects internet users primarily by exploiting vulnerabilities or social engineering. Let’s take a look at the key ways malvertising infects a website’s visitors:


Computer malware is known to take advantage of vulnerabilities and loopholes in your system to infect it. Therefore, you should never neglect updating your plug-ins, web browsers, and device operating system.

Outdated systems and applications create loopholes for hackers to infect your system with malicious programs.

Setting up auto-update on your system can save your day. The vulnerabilities caused by the following can create loopholes for cybercriminals to take advantage of:

  • Outdated web browsers
  • Outdated operating systems
  • Older versions of web browsers
  • Older versions of plug-ins and extensions
  • Older versions of Adobe Flash


Cybercriminals will often check the fingerprints of users’ devices to determine if there is any vulnerability. If they detect any, they deploy tools that exploit those vulnerabilities through a series of attacks.

Browser fingerprinting is a technique that cybercriminals (and digital agencies) use to collect a range of information about a user in order to identify them on the internet. The information can include system configuration, IP address, device name, operating system, browser version, and a whole lot more.

Social engineering

Social engineering is a technique that cybercriminals use to manipulate people and make them hand over their sensitive information.

You may have received a message while browsing that your device is infected, or your device would soon crash. That is usually not true but a trick by cybercriminals to make you panic and hand over sensitive information to them.

Once users fall into an attacker’s trap, the attacker uses the collected information to hack users’ accounts and devices.

The information attackers seek may vary based on their intent, but they mostly trick people into unveiling banking details, passwords, etc. Sometimes they ask you to run other applications on your PC to resolve an issue. Then guess what? Your system would be infected after you run such applications.

Mobile malvertising

A few years ago, only computers were major targets for malvertising. But lately, smartphones and tablets have become the prime focus of malvertisers.

The reason behind mobile devices becoming a hotspot for malvertising is simple. It is because more people are using mobiles to access the internet today. Also, as per the reports, 60% of people click on mobile advertisements at least once every week. That pretty much tells why malvertisers are shifting their focus onto mobile users.

Recently, malvertising has targeted both iPhone and Android users all around the world. Cybercriminals use malvertising to carry out intelligent phishing attacks on mobile devices. Cryptojacking is also on a dramatic rise, with criminals hijacking phones to carry out cryptocurrency mining.

And lastly, malvertising campaigns are used to deliver malware payloads on mobile devices. These attacks are carried out through ads that install infected applications on users’ systems.

How do I get rid of malvertising?

The protection guide

As an individual, you can take the following internet security best-practice steps to prevent malvertising:

Keep your system and applications up-to-date

An outdated operating system, web browser, plug-in, and storage devices can turn into a security hazard for you at any time. Your system would be more vulnerable to ransomware, spyware, Trojans, and other malicious programs if your device is not up to date.

Carrying out regular operating system and browser updates can eliminate many vulnerabilities from your device. That way, you can prevent hackers from exploiting device vulnerabilities and deploying programs that can pose security challenges to you.

Make a reputable antivirus your friend

Use a safe browser

Many web browsers out there lack the robustness to handle malvertising. Most of the mainstream reputable web browsers cannot protect you against malvertising 100%. But some of them have an adequate security mechanism to help keep you safe to some extent. Firefox, Google Chrome, and Microsoft Edge browsers have safety features on newer versions of their web browsers for safer browsing.

That is not the case with other widely-used web browsers.

On top of making your Firefox, Chrome, or Edge more secure, you can also consider trying some security-focused web browsers available today.

Lastly, no matter which browser you use, ensure that JavaScript and Flash players are set not to auto-run in your web browser. Your system can be compromised through Flash players and scripts; therefore, you must understand their source before running them (if you must do so at all).

Consider using a firewall (or activating your existing one)

Installing an effective firewall can significantly keep you away from malvertising trouble. The firewall should be enabled on personal devices and enterprise devices alike.

The best thing here is, you do not need to spend a fortune on a firewall. Today, you can easily find free firewalls that can quickly stop malfunctions like redirects, keeping you safe from landing on an unsafe website. Moreover, firewall rules can also be set to manage iframes and other tools that hackers deploy to infiltrate devices.

Be cautious all the time

Avoid visiting potentially harmful websites, take caution while downloading files and applications on the internet, and avoid adding unknown plug-ins to your browser. There are lots of insecure add-ins on the internet that can significantly expose you to security threats.

Install extensions developed by only reputable organizations and only the ones you need. Furthermore, you should download files from trusted sites only. Also, get mobile applications only from the official Play Store or Apple Store. You must avoid downloading applications from third-party websites.

Final notes

Malvertising is a growing trend among cybercriminals, but fortunately, some effective ways to prevent it exist today.

Remember, aside from deploying technological tools such as antivirus and firewalls, you should also always surf the web with caution. Below is a list of quick common-sense reminders for you to keep in mind to stay protected from malvertising:

  • Be cautious of ads and do not randomly click on any that looks suspicious. Take a critical look at them to determine if they are genuine or not.
  • Ignore pop-ups telling you that your device is infected with a virus or about to crash except if the warning comes from your antivirus program.
  • Exercise caution while downloading files and attachments on the internet.
  • Always ensure that your device’s operating system and all applications are updated.

Please remember one thing: malvertising is an ongoing information security threat.

Since ad revenue powers a significant portion of the web, cybercriminals will keep on working with whatever loose ends they find. That fact, alongside the possibility of injecting malicious code into online ads, has led to malvertising mostly acting as a starting point in web attack campaigns.

One bitter truth is that we, being users, can do little to avoid this arms race as things stand. But implementing the cybersecurity and behavioral basics that we covered above is the best way forward for everyone.

While doing even all that will not make publishers, website visitors, and ad networks shatterproof against malvertising, it will still make things tough for the attackers. If you have followed this malvertising protection guide to this end, it is more likely that such malicious campaigns will move on and decide to try their luck on the next (easier) targets.

About the Author

Nwachukwu Glory is a writer, blogger, and tech nerd. She loves trying new gadgets that make life more fun (and easier). Glory is passionate about digital security and privacy alongside browsing the World Wide Web without any limitations.
