What is Malvertising? Definition and How to prevent it

23 Min Read

Malvertising, short for malicious advertising, is a cyberattack technique that involves embedding malicious code within digital advertisements. These ads appear legitimate and are often distributed through reputable ad networks, making them difficult to detect by both users and website publishers. When a user clicks on or even just views these ads, the malicious code can execute various harmful actions such as installing malware, redirecting to malicious websites, or stealing sensitive data. This type of attack exploits the trust users have in familiar websites and can occur without any direct interaction from the user, making it a particularly stealthy and dangerous form of cyber threat.

Specification of Malvertising

Specification Details
Definition Malvertising is the practice of incorporating malware into online advertisements.
Purpose To spread malware through legitimate advertising networks and websites without immediate detection.
Common Attack Vectors
  • Compromised ad networks
  • Maliciously crafted ads
  • Exploiting vulnerabilities in web browsers and plugins
Typical Malware Types
  • Spyware
  • Ransomware
  • Trojans
  • Adware
  • Cryptojacking scripts
Delivery Methods
  • Drive-by downloads
  • Forced redirects
  • Pop-up ads
Targeted Platforms
  • Desktop browsers
  • Mobile browsers
  • Mobile apps
Common Vulnerabilities
  • Outdated browser plugins (Flash, Java)
  • Unpatched software vulnerabilities
Prevention Techniques
  • Regularly updating software
  • Using ad blockers
  • Employing endpoint security solutions
Detection Methods
  • Antivirus and anti-malware software
  • Network traffic analysis tools
  • Ad verification tools
Impact on Users
  • Identity theft
  • Financial loss
  • Compromised system integrity
  • Decreased performance and productivity
Impact on Publishers
  • Loss of reputation
  • Legal consequences
  • Loss of revenue
Legal and Compliance Issues
  • Violation of privacy laws
  • Breach of advertising standards and regulations
Response Strategies
  • Immediate ad removal
  • Forensic analysis
  • Strengthening security measures
Industry Affected
  • Online advertising
  • Media and publishing
  • E-commerce
Economic Implications
  • Cost of malware removal and system restoration
  • Loss of ad revenue due to distrust in online ads


Difference Between Malvertising vs. Ad Malware

Malvertising and ad malware (often referred to as adware) are both associated with malicious activities involving advertisements, but they operate differently and impact users in distinct ways. Malvertising, short for malicious advertising, involves injecting malicious code into legitimate online ads to spread malware without any user interaction required. This code can redirect users to malicious sites or directly install malware on their devices when the ad loads on a webpage. On the other hand, adware is a type of malware that gets installed on a user’s device, typically bundled with legitimate software, and serves unwanted advertisements. Unlike malvertising, adware operates continuously on the infected device, tracking user behavior and displaying intrusive ads to generate revenue for the creator. While malvertising exploits advertising networks to attack any user visiting a compromised website, adware targets individual users and affects their device’s performance and privacy.

How Malvertising Works

1. Infiltration

Malvertising begins with the infiltration of legitimate online advertising networks. Cybercriminals either create or take over advertiser accounts on these networks. They use these platforms because they offer a broad reach and the ability to display ads on reputable websites, which users trust. By posing as legitimate advertisers, these attackers bypass initial security checks and scrutiny that ad networks might have in place. This infiltration is crucial as it sets the stage for distributing malicious ads without immediate detection, leveraging the credibility of established ad networks to spread malware.

2. Crafting Malicious Ads

Once infiltrated, attackers craft malicious advertisements. These ads are designed to look benign or mimic legitimate ads, making them difficult to distinguish from genuine advertisements. The crafting process involves embedding malicious code within the ad content, such as JavaScript or HTML5. This code can be activated upon viewing or clicking the ad. The malicious ads might also contain enticing visuals or messages that lure users into interacting with them, increasing the likelihood of triggering the malware.

3. Distribution

The distribution of malicious ads is facilitated through the compromised or infiltrated advertising networks. These networks then serve the malicious ads to various websites, including highly trafficked and reputable ones. The widespread reach of these networks ensures that the ads appear on numerous sites, exposing a large number of users to the malware. The distribution process is typically automated and targeted, using algorithms to display ads based on user behavior, demographics, and browsing history, which maximizes the impact and efficiency of the attack.

4. Exploitation

Exploitation occurs when a user interacts with a malicious ad. This interaction can be as minimal as hovering over the ad or as direct as clicking on it. The malicious code embedded within the ad exploits vulnerabilities in the user’s browser or other software to execute unauthorized actions. These actions can include downloading malware, redirecting the user to malicious websites, or executing drive-by downloads, where malware is installed on the user’s device without their knowledge. This stage is critical as it bridges the gap between exposure and actual infection.

5. Infection

The final stage of malvertising is the infection of the user’s device. Once the malicious code is executed, the malware typically installs itself in the background. The type of malware can vary, including spyware, ransomware, or viruses, depending on the attacker’s objectives. This malware can then perform a variety of malicious activities, such as stealing personal information, encrypting files for ransom, or adding the device to a botnet. The infection can remain undetected for extended periods, allowing it to spread further or cause significant damage to the user’s data and privacy.

Common Signs of Malvertising

1. Sudden Increase in Click-Through Rates (CTR)

A sudden spike in Click-Through Rates (CTR) can be a red flag for malvertising. Normally, CTRs increase gradually as a result of optimized ad content or targeting strategies. However, an abrupt rise without any changes in campaign settings might indicate that bots or malicious software are artificially inflating these metrics. This not only skews advertising data but can also drain advertising budgets, as advertisers pay for clicks that have no real potential to convert into sales or leads. Monitoring CTR trends and investigating unusual patterns is crucial to identifying and mitigating potential malvertising threats.

2. In-Banner Video Ads

In-banner video ads, while a legitimate advertising format, can sometimes be exploited for malvertising purposes. Hackers may embed malicious code within these ads, which then execute when the ad loads on a user’s device. This method is particularly insidious because it does not require any interaction from the user; merely viewing the ad can trigger the malicious activity. These ads often appear on reputable websites, making them harder to distinguish from safe content. Publishers and users alike should be wary of in-banner video ads that seem out of place or originate from unknown sources.

3. Negative Social Media Mentions

Negative social media mentions regarding a particular ad or website can be indicative of malvertising. Users who encounter suspicious or harmful ads often take to social media platforms to warn others or seek advice. These mentions can include complaints about unexpected redirects, scareware alerts, or other unusual behavior associated with clicking on an ad. Monitoring social media for such mentions can provide early warnings about potential malvertising campaigns targeting your brand or ads, allowing for swift action to protect users and preserve brand reputation.

4. Unexplained Device Performance Issues

Malvertising can lead to unexplained device performance issues. Users may notice their devices running slower than usual, crashing, or experiencing battery drain at an accelerated rate. This can occur when malicious ads covertly download malware or execute resource-intensive scripts in the background without the user’s knowledge. Such performance degradation not only affects the user experience but can also pose serious security risks, as the malware may attempt to steal personal information or further infect the device with additional malicious software.

5. Redirects to Unfamiliar Websites

One of the most common signs of malvertising is being unexpectedly redirected to unfamiliar websites. These redirects often occur after clicking on an ad that appears benign. The destination sites may host phishing operations, scams, or further malicious content designed to compromise the user’s device or personal information. These redirects are engineered to be seamless, making it difficult for users to identify the initial point of compromise. Vigilance and the use of reputable ad blockers can help mitigate the risk of falling victim to such tactics.

6. Scareware Alerts

Scareware alerts are a manipulative tactic used in malvertising, designed to instill fear and urgency in users. These alerts falsely inform users that their device is infected with malware, urging them to download software to resolve the issue. However, the software offered is itself malicious. These alerts exploit the user’s fear of viruses and malware to trick them into compromising their own devices. Recognizing these alerts as fraudulent and not acting on their prompts is crucial to avoiding the trap set by malvertisers.

7. Fake Software Updates or System Warnings

Malvertisers often use fake software updates or system warnings to deceive users into installing malicious software. These updates or warnings may pop up while browsing and appear to be from legitimate sources, such as operating system providers or well-known software applications. However, clicking on these prompts can lead to the installation of malware designed to steal data or damage the device. Users should be cautious and verify the authenticity of any unexpected update notifications or system warnings.

8. Unexpected Pop-Ups

Unexpected pop-ups that appear while browsing can be a sign of malvertising. These pop-ups might advertise products or services, or they may mimic legitimate warnings from the user’s operating system or software applications. Clicking on these pop-ups can trigger the download of malicious software or redirect the user to harmful websites. Employing pop-up blockers and remaining skeptical of unsolicited advertisements can help protect against these malvertising tactics.

9. Sluggish Computer Performance

Sluggish computer performance is a telltale sign of malvertising infection. Malicious ads can load unwanted software in the background, consuming system resources and significantly slowing down device operations. This slowdown can affect everything from opening applications to browsing the internet. Users experiencing such issues should conduct a thorough security scan to identify and remove any malware that may have been inadvertently installed through malvertising campaigns.

Main Types of Malvertising Campaigns

1. Earn a Jackpot or Win a Prize

Malvertising campaigns that promise a jackpot or a prize exploit the allure of easy money to trap unsuspecting users. These ads often appear legitimate, offering lucrative opportunities such as lotteries or money-earning surveys. When users click on these ads, they are typically redirected to phishing sites or prompted to download malware. The deceptive nature of these ads plays on the greed and excitement of users, making it difficult for them to discern the malicious intent behind the seemingly benign offers.

2. Toll-Free Customer Care Support Scam

This type of malvertising campaign involves ads that mimic legitimate customer support services. Users are often presented with fake alerts about viruses or security breaches on their devices, accompanied by a toll-free number for tech support. When the number is called, scammers may request remote access to the user’s device or sell worthless security subscriptions and services. These scams leverage social engineering tactics to instill a sense of urgency and fear, prompting users to act hastily without verifying the legitimacy of the claim.

3. Fake Software Updates

Malvertising campaigns involving fake software updates trick users into believing that their software is outdated and urgently needs an update. These ads often mimic alerts from trusted companies and prompt users to install updates that are actually malware. The strategy exploits the routine practice of software updating, making it a potent vector for distributing malware. Users are deceived by the professional appearance of the ads and the familiar logos of reputable software companies, leading them to inadvertently compromise their own systems.

4. Scareware Scams

Scareware scams are a prevalent form of malvertising where users are bombarded with alarming pop-ups claiming that their device is infected with a virus. These pop-ups urge users to download software to fix the issue, which in reality is malware. Scareware is designed to create panic and duress, pushing users to make impulsive decisions aimed at quickly resolving the fake threats. This type of campaign is particularly effective because it exploits the fear of losing personal data or suffering extensive device damage.

Risks of Malvertising

1. Inoperable Computers and System Networks

Malvertising poses a significant threat to the operability of computers and system networks. By injecting malicious code into seemingly legitimate online advertisements, malvertising can compromise the functionality of computers and entire networks without the user’s knowledge. Once infected, systems can become sluggish, unresponsive, or completely inoperable, disrupting daily operations and productivity. The stealthy nature of malvertising allows it to bypass traditional security measures, making detection and prevention challenging. Businesses and individuals alike must remain vigilant, adopting advanced security solutions and practicing safe browsing habits to mitigate the risk of system paralysis caused by malvertising attacks.

2. Hardware Failure

Malvertising can lead to catastrophic hardware failure, a consequence often overlooked in discussions about cybersecurity threats. When malicious software is inadvertently downloaded through malvertising, it can overburden the system’s processors or exhaust its memory resources. This excessive strain can cause the computer to overheat, potentially resulting in permanent damage to critical hardware components such as the motherboard, CPU, and hard drives. Moreover, certain types of malware introduced through malvertising can directly target and manipulate hardware functions, further increasing the risk of failure. Protecting against malvertising is crucial to safeguard not only data but also the physical integrity of computing devices.

3. Data Loss and Data Theft

One of the most alarming risks associated with malvertising is the potential for data loss and data theft. Malvertising campaigns are designed to stealthily infiltrate systems and execute malicious activities, including the extraction of sensitive information. Personal data, financial records, and confidential business information can be exfiltrated and exploited for fraudulent purposes or sold on the dark web. Additionally, malvertising can deploy ransomware, encrypting data and rendering it inaccessible to the rightful owners, leading to significant data loss. The repercussions of such breaches extend beyond immediate financial loss, potentially damaging reputations and eroding trust among clients and partners.

4. Extort Money from You

Malvertising is a lucrative venture for cybercriminals, primarily because it can be used to extort money directly from victims. By deploying ransomware through malicious ads, attackers can lock users out of their own systems or encrypt critical files, demanding a ransom for their release. Victims, faced with the loss of valuable data or the disruption of business operations, may feel compelled to pay, although there is no guarantee that compliance will restore access or prevent future attacks. This form of digital extortion highlights the importance of robust cybersecurity measures and regular data backups to mitigate the financial and operational impacts of malvertising.

5. Cause Chaos

Beyond financial gain, some malvertising campaigns are orchestrated with the intent to cause chaos and disruption. By targeting critical infrastructure, public services, or large organizations, attackers can use malvertising as a tool to destabilize systems, sow confusion, and disrupt essential services. The ripple effects of such attacks can extend far beyond the immediate victims, affecting communities, economies, and national security. The capacity of malvertising to silently infiltrate and compromise systems underscores the need for comprehensive cybersecurity strategies that include the detection and prevention of malicious advertising, safeguarding the digital ecosystem from chaos-inducing threats.

Tips and strategies to protect from malvertising attacks

1. Keep Software Updated

Regularly updating your software is crucial in protecting against malvertising attacks. Software developers frequently release updates to patch vulnerabilities that could be exploited by attackers. By keeping your operating system, browsers, and all applications up-to-date, you minimize the risk of these vulnerabilities being used as entry points for malware. This proactive measure is simple yet highly effective in maintaining the security integrity of your device.

2. Use an Ad-blocker

Installing an ad-blocker can significantly reduce the risk of encountering malvertising. Ad-blockers prevent the display of advertisements, which are often used as a vector for delivering malicious content. By blocking these ads, you not only enhance your browsing experience by reducing unwanted content but also decrease the likelihood of clicking on a malicious ad inadvertently. Remember, however, that some sites require disabling ad-blockers to access content, so use this tool judiciously.

3. Disable Javascript and Flash

Disabling JavaScript and Flash in your browser settings can provide an additional layer of protection against malvertising. Many malvertising attacks rely on these technologies to execute malicious scripts without user interaction. While disabling them might break certain functionalities on websites and reduce the richness of your web experience, it significantly lowers the risk of automatic malware downloads. This setting acts as a strong barrier against many types of cyber threats.

4. Be Cautious with Pop-Ups

Exercise caution when dealing with pop-ups during your browsing sessions. Malvertising often utilizes pop-up ads to trick users into clicking on malicious links. Always avoid interacting with suspicious or unexpected pop-up windows. If a pop-up appears too good to be true or asks for personal information, it’s likely a malvertising attempt. Configure your browser settings to block pop-ups or use browser extensions that can manage pop-up permissions effectively.

5. Use Antivirus Software

Antivirus software plays a critical role in protecting against malvertising by actively scanning and blocking malicious activities and files. Ensure that your antivirus is always active and regularly updated with the latest malware definitions. Modern antivirus programs offer real-time protection, scanning downloads, and detecting unusual behavior, which is essential for intercepting malvertising before it can cause harm.

6. Enable Click-to-play

Enabling click-to-play for plugins such as Flash and Java prevents them from running automatically. This setting requires you to manually activate these plugins each time they are needed on a webpage. Since many malvertising schemes exploit these plugins to execute malicious code, click-to-play adds a layer of user intervention that can thwart automatic malvertising attacks. This control helps maintain your browser’s integrity while allowing you to decide when and where to run potentially vulnerable plugins.

7. Regular Backups

Maintaining regular backups of your important data is a vital security practice. In the event that a malvertising attack bypasses other defenses and compromises your system, having up-to-date backups allows you to restore your data without paying ransoms or losing critical information. Implement a robust backup strategy that includes frequent backups to multiple locations, such as an external drive and a cloud storage service, to ensure comprehensive data protection.

Share This Article