What is Malvertising?

Malvertising is the use of internet advertising to propagate malware. It usually entails inserting harmful or malware-infected adverts into legitimate online ad networks and websites. Because so much effort is put into attracting consumers and selling or advertising a product, online adverts provide a great platform for distributing malware. Because advertising material can be injected into high-profile and respectable websites, malvertising lets attackers reach online users who might otherwise never see the advertisements owing to firewalls, increased security procedures, and other causes. Attackers are drawn to malvertising because it can be readily propagated across a huge number of genuine websites without directly compromising those websites.

Figure 1. What is Malvertising?

Malvertising is a relatively new method of distributing malware that can be difficult to resist, since it can infiltrate a webpage or an advertisement on a webpage and propagate without anyone noticing. What's interesting about infections delivered through malvertising is that they don't require any user action (like clicking) to compromise the system, and they don't exploit any vulnerabilities on the website or the server from which they're hosted. Malvertising allows infections to propagate silently through web page advertisements. It can infect millions of people, even the most cautious, and is quickly expanding: in 2012, it was estimated that malvertising compromised over 10 billion ad impressions. Attackers have a wide range of targets and can simply distribute these attacks through ad networks. Malvertising attacks have been tough to reduce, and this attack vector isn't going to go away anytime soon.

How Does Malvertising Work?

Malvertising employs the same distribution strategies as traditional web advertising. Fraudsters submit infected image or text advertisements (both work as long as they employ JavaScript) to legitimate ad networks, which can't always tell the difference between hazardous and trustworthy ads.

Despite the malicious code, malvertising appears as ordinary advertisements such as pop-ups (pushing phony browser upgrades, free utilities, antivirus products, and so on), sponsored ads, banner ads, and more. To infect your computer, malvertising criminals use two major methods.

The first is an advertisement that entices you to click on it with a provocative inducement. The bait might be in the shape of an "alarm", such as a notification that you have already been infected with malware. It might also be a free software offer. Social engineering is used in such strategies to intimidate or lure you into clicking on a link. If you succumb to that desire, you will get infected.

The second approach, known as a drive-by download, is much more malicious. In this scenario, the infected ad accomplishes its goal by using an unnoticed web page element. To start the harmful action, you don't even have to click on the ad. Simply visiting the web page housing the ad (or a spam email or malicious pop-up window) brings you to an exploit landing page, which exploits any browser vulnerabilities or software security weaknesses to get access to your computer.
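A publisher-side check for the "unnoticed web page element" described above, as an added example that is not code from the original article: it parses an ad creative's markup and flags frames that load content invisibly, or meta-refresh redirects, from hosts outside an allowlist. Treating hidden iframes and meta refresh as that element is an assumption, and the `audit_creative` name, the allowlist and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles that keep an element out of the visitor's sight (heuristic, not exhaustive).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}px|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I)

class CreativeAuditor(HTMLParser):
    """Collects (kind, url, reasons) for invisible remote loads in ad markup."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def _host_allowed(self, url):
        # A host passes if it is an allowlisted domain or one of its subdomains.
        host = (urlparse(url).hostname or "").lower()
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and a.get("src"):
            reasons = []
            if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
                reasons.append("zero/one-pixel size")
            if HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden by inline style")
            if "hidden" in a:
                reasons.append("hidden attribute")
            # Tracking pixels from known partners are normal; unknown hosts are not.
            if reasons and not self._host_allowed(a["src"]):
                self.findings.append(("iframe", a["src"], reasons))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            if m and not self._host_allowed(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1), ["automatic redirect"]))

def audit_creative(html, allowed_hosts):
    auditor = CreativeAuditor(allowed_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample creative; every host is a placeholder, not a real indicator.
SAMPLE = """
<div class="banner">
  <a href="https://shop.example.com/sale"><img src="https://cdn.example.com/b.png"></a>
  <iframe src="https://cdn.example.com/pixel.html" width="1" height="1"></iframe>
  <iframe src="https://landing.unknown.invalid/gate" width="0" height="0"></iframe>
  <iframe src="https://track.unknown.invalid/x" style="position:absolute; left:-9999px"></iframe>
  <iframe src="https://video.unknown.invalid/player" width="300" height="250"></iframe>
</div>
"""

if __name__ == "__main__":
    for kind, url, reasons in audit_creative(SAMPLE, ["example.com"]):
        print(f"{kind:12} {url}  ({', '.join(reasons)})")
```

Static markup checks like this miss anything a script builds at run time, which is the difficulty the next paragraph describes.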

It's vital to notice that the code in these adverts is quite complicated. Advertisers personalize their advertising to provide various information and layouts based on the user's machine, browser, location, and preferences. Because of the code's intricacy, it's difficult to spot malicious scripts put into adverts by hackers. Furthermore, because most website owners trust ad networks, they are unlikely to notice that they are displaying rogue advertising.

The consequences of this attack are detrimental to visitors and disastrous for website owners!

How Do Malvertisements Affect Web Users?

The effect malvertising has on your visitors has a direct impact on your website and business. As a result, we'll talk about the negative consequences for both sides.

The impacts of malvertisements on visitors to your website are listed below:

  • Unwanted content, such as adverts for pornographic websites, illicit substances, and bogus items, will be shown on your website. This illegal content would have an impact on users, particularly youngsters who should not be exposed to it.
  • A 'drive-by' download is also initiated via malvertising campaigns. All a visitor has to do is go to a page containing infected advertising and click on it. This would compel the visitor's PC to download harmful software. The infection would cause the visitor's PC to be taken over. Hackers steal personal information, payment information, install ransomware, and so on through distributing malware.
  • The visitor might be sent to malicious websites by reading or clicking on the fraudulent ad. Adult websites, phishing attack websites, and websites that compel virus downloads are all possibilities. These websites use social engineering techniques to trick people into disclosing confidential or personal information. These outcomes have a direct influence on you since your infected site's visitors will not want to interact with it. Apart from that, there are many additional potential implications.

The impacts of malvertisements on your website are as follows:

  • Your reputation will be harmed if the ad promotes viruses and harmful information. Users lose faith in your site as a result of the attacks. It has the potential to drastically harm your brand's image.
  • Malicious advertising is notorious for consuming a large amount of web server resources. Malvertisements slow down the speed and performance of your website.
  • Your bounce rate will increase and network traffic will decrease if the advertising drives your users to dangerous sites. This will have a long-term negative impact on your SEO efforts.
  • If Google discovers malware on your site, it will be blacklisted. This is done to guarantee that their users are not at risk of being infected with malware or being hacked.
  • Your web hosting company will suspend your account and take your website offline if malware is discovered on your site. This safeguards their infrastructure as well as the websites that are housed on their server.
  • Needless to say, these repercussions would result in a loss of ad income. For every minute your website is infected, you lose more paying clients if you run an eCommerce site.

Malvertising should be removed from your website as soon as possible. You should notify your ad network since the sponsor will be suspended. This, however, is insufficient. You must take steps to remove the virus and secure your site as soon as possible.

Why is Malvertising Used?

Malvertising is a relatively straightforward way for hackers to infect trusted sites that receive a lot of traffic without having to attack the sites directly. Hackers can easily overcome firewalls and infiltrate local networks by using legitimate advertising networks.

The criminals behind malvertising have unlawful goals that they pursue with zeal. They seek to profit from you by stealing your personal information, financial information, and contact information, among other things. In addition to plain data theft, they can encrypt or destroy information, change or hijack fundamental computer processes, and spy on your computer activities without your knowledge or consent. It all depends on the kind of applications that the malvertising can download.

Why is Malvertising Used so Frequently by Cyber Criminals?

First, the digital advertising ecosystem's complexity provides several chances to conceal bad conduct while reaching a big audience. Secondly, because there are so many phases in the advertising chain, and there is no agreed-upon single process for identifying malvertising, it's easy to slip by unnoticed.

How Common is Malvertising?

Malicious advertising has been known to target many well-known websites, affecting millions of visitors across a variety of devices and browsers. Malware accounts for 0.5 percent of all advertisements displayed, according to the CEO of ad security business Confiant in 2018, albeit this proportion can rise fivefold at times.

The Media Trust identified over 20,000 different malvertising attacks in 2020 and prevented billions of unwanted adverts. Hundreds of publishers were impacted, and millions of consumer devices may have been infected as a result of the attacks.

Vox Media had previously discovered a series of forced mobile redirect adverts appearing on their site that year, attempting to deceive customers by claiming they had won an Amazon gift card.

Criminals used the Angler Exploit Kit to send TeslaCrypt ransomware to the New York Times, BBC, Newsweek, AOL, MSN, and The Hill's ad networks in March 2016.

Conrad Longmore discovered in 2013 that two major porn sites, XHamster and Pornhub, were serving enormous quantities of malicious advertising that may install destructive files on users' devices without their consent. In 90 days, Longmore discovered that 5% of XHamster sites loaded malicious advertising. On 12.7 percent of Pornhub's web pages, dangerous advertising was loaded.

What are Examples of Malvertising?

It's crucial to note that ad networks are in charge of spreading both legitimate and fraudulent advertisements. The trustworthiness of a website does not guarantee that it will not include malvertisements; in fact, recent cases have shown that even the most well-known, respectable websites can unwittingly send malvertisements. Despite all efforts to educate people about malvertising attacks, reputable firms will inevitably offer malvertisements to individuals who place too much faith in these websites. Here are some recent examples of malicious advertising campaigns:

Forbes Magazine took a hard stance against ad blockers in late 2015, refusing to show its content to visitors who used them. Malvertisements were presented in place of legitimate adverts when readers switched off their adblockers to obtain access to Forbes articles. People criticized Forbes for its initial attack against adblockers, despite the fact that the magazine's ad network is responsible for selecting safe advertising. The irony of this situation makes it a memorable example of the negative implications of malvertising for both companies and consumers.

RoughTed was a malvertising campaign that began in 2017 and was first revealed in 2018. It was notable because it was able to get around ad-blockers. By dynamically establishing new URLs, it was also able to circumvent several anti-virus systems. This made tracking and denying access to the malicious sites it was using to spread itself more challenging.

On Windows computers, Spotify's free streaming service exhibited malvertisements in 2011. A bogus Windows Recovery anti-virus application was installed as a result of the advertising. The malvertisements were hosted on Spotify's ad network and had nothing to do with a web browser. These Spotify adverts might execute malware merely by being shown on screen, unlike standard malvertisements that need the user to click on them before distributing infections. Following the outbreak, Spotify placed all third-party advertising on pause until it could figure out what was causing the problem.

How to Stop Malvertising?

Malvertising is difficult to avoid since certain harmful advertisements do not require clicks or any other interaction to initiate an attack. Fortunately, there are some actions you can take to avoid or reduce the danger of being exposed to malvertising.

  • Install a powerful antivirus program: Even if you take all other safeguards, certain threats will inevitably get through. There's no substitute for the security that top-of-the-line antivirus software can give when it comes to blocking unwanted downloads.
  • Use ad-blocking software: Cutting off adverts at the source with a complete ad-blocker is a simple and efficient technique to prevent malware from reaching you through advertisements. This will prevent both genuine and fraudulent adverts from appearing on your screen, preventing dangerous malware from infecting your machine.
  • Disable browser plug-ins: Malvertising attacks frequently use browser plug-ins, but by altering your browser settings to limit the plug-ins that run by default, you may eliminate exploitable vulnerabilities and reduce cybercriminal possibilities.
  • Keep your operating system up to date: Malicious code is written to take advantage of software flaws. Malvertisements that target earlier vulnerabilities that have subsequently been fixed are less likely to succeed if you are running the most recent version of your operating system. The same applies to your web browser and other applications.
  • Download applications and files only from reputable websites: Apps are vetted for security on Apple's App Store and other reputable app marketplaces. If you download applications or information from random websites, you never know whether the website is authentic or whether the software is loaded with malware.

How to Remove all Types of Malware from Your Device?

To protect your device from malware or to remove malware, follow the steps below:

  1. Stop shopping, banking, and doing anything else online that requires usernames, passwords, or other personal data until your device is malware-free.
  2. Check to determine whether your device has security software installed; if not, install it. Look for assistance from impartial review sites on the internet. Also, get advice from friends and relatives. It's critical to do your homework since some software that promises to protect you against malware is actually malware.
  3. Check to see whether your software is current. Check that all software is up to date, including the operating system, security software, applications, and more. Allow automatic updates to keep your software up to date.
  4. Scanning your device for viruses is a good idea. Use a malware or security scanner. Delete everything it indicates as a potential suspect. For the changes to take effect, you may need to restart your device. Rerun your scan to ensure that everything is in order. If the scan reveals no additional problems, the virus has most likely been eradicated.

Steps 5 and 6 may help you fix your device if you can't fix it using steps 1-4. You run the risk of losing data if you use one of these methods. If you've routinely backed up your data, you'll be able to reduce the amount of data you lose.

  5. Recover the functionality of your operating system. Visit the website of your device's maker to learn how to restore your operating system (such as Windows or Mac OS). When you recover your system, you usually get a lot of your data back, so it's a viable alternative to reinstalling your operating system (step 6). That is, if the malware issue is resolved. After you've recovered your operating system, go back to steps 2, 3, and 4 to make sure the virus is gone.
  6. Reinstall your operating system. Visit your device's manufacturer's website to learn how to reinstall your operating system (such as Windows or Mac OS). The safest option to disinfect an infected device is to reinstall your operating system, but you'll lose all of the data on the device that you haven't backed up.

What's the Difference Between Malvertising and Adware?

Malvertising is sometimes mistaken for ad malware, also known as adware, which is another type of malware that affects internet ads.

Adware is a type of software that runs on a user's computer. It's generally bundled with genuine software or installed without the user's permission. Adware shows unwanted advertising, redirects searches to advertising websites, and collects data about the user in order to better target and offer adverts. The following are some of the distinctions between malvertising and ad malware:

  • Malvertising entails the placement of harmful code on a publisher's website. Adware, on the other hand, is exclusively used to target certain consumers.
  • Malvertising affects only users who visit an infected webpage. Adware, once installed, runs in the background on a user's computer.

Malvertising History

The first instances of malvertising were observed in late 2007 and early 2008. This attack was based on an Adobe Flash vulnerability (which was still active in the late 2010s), and it affected a variety of platforms, including MySpace, Excite, and Rhapsody.

In 2009, the online edition of The New York Times Magazine was discovered to be serving an ad that was part of a larger click fraud scheme. The scheme involved the creation of a botnet of malware-infected computers, known as the Bahama botnet, which was then used to commit click fraud on pay-per-click ads all over the internet. For the weekend of September 11 to 14, The New York Times' banner feed was hacked, causing some readers to receive advertising informing them that their systems were infected and attempting to fool them into installing rogue security software. "The offender approached the newspaper as a national advertiser and had delivered apparently valid advertising for a week," said spokeswoman Diane McNulty, adding that the ads were then altered to the virus alert malvertisement. To address the issue, The New York Times temporarily halted third-party advertising and even issued tips for readers on its technology site.

Malvertising gained momentum in 2010. The Online Trust Alliance (OTA) found billions of display advertisements across 3500 sites harboring malware, according to marketing researchers ClickZ. The Online Trust Alliance launched a cross-industry Anti-Malvertising Task Force the same year.

Spotify was one of the first victims of a drive-by download, in which a user is infected with malware without ever clicking on an ad. According to Blue Coat Systems' 2012 Web Security Report, malvertising-based harmful sites increased by 240 percent in 2011.

In their Internet Security Threat Report 2013, Symantec included malvertising as a part that looked back at the situation in 2012. Symantec scanned a number of websites and discovered that half of them had been infected with malvertising. The Los Angeles Times was targeted by a major malvertising campaign in 2012, which infected users with the Blackhole exploit kit. It was thought to be part of a larger malvertising effort aimed at prominent news sites, which continued in later years with attacks on and The New York Times., one of the top ad networks with 6.9 billion monthly views, was the target of a huge malvertising operation in 2013. The malware exploit was based on a common web attack known as cross-site scripting (XSS), which is ranked third among the top ten web attack types discovered by the Open Web Application Security Project (OWASP). The attack infected customers' computers with the ransomware Cryptowall, a sort of malware that extorts money from users by encrypting their data and demanding a ransom of up to $1000 in bitcoins, which must be paid within seven days.

In 2014, massive malvertising operations were launched on the DoubleClick and Zedo ad networks. Several news portals were impacted, including The Times of Israel and the Hindustan Times. As in prior attacks, the attackers used Cryptowall as the malware infection. This round of malvertising is thought to have infected over 600,000 PCs, bringing in over $1 million in ransom money.

Malvertising was spreading swiftly on mobile platforms, according to McAfee's Threat Report for February 2015. Malvertising campaigns were launched in 2015 on sites such as eBay,,, and, among others. The campaigns involved ad network hacks, such as DoubleClick and engage BDR. There was also a report of what was arguably the first "political malvertising" effort by pro-Russian activists, who used a botnet to drive users' workstations to visit fraudulent sites that produced ad money for the activists. Users were also directed to a number of pro-Russian propaganda films.

REvil, a ransomware group, was discovered leveraging sponsored placement in Google search results to distribute infected files to victims in the year 2021.

Malvertising cash or cryptocurrency giveaway ads with actors impersonating celebrities such as YouTuber MrBeast, Elon Musk, and others have been observed on several advertising platforms and social media sites in the year 2021.