Malvertising is a nefarious tactic involving the insertion of malicious code into legitimate online advertising networks. Consequently, unsuspecting users are exposed to these deceptive ads, which redirect them to unsafe destinations, posing a threat to their online security.
This form of cyber attack can yield significant profits for criminals due to its elusive nature and difficulty in detection. Typically, the malicious code is concealed within online ads encountered during regular browsing sessions. Attackers strategically place these ads on reputable websites to maximize their audience reach.

How Does Malvertising Work?
The online advertising ecosystem is a complex web comprising publisher sites, ad exchanges, ad servers, retargeting networks, and content delivery networks (CDNs). When users click on ads, there are multiple redirects between servers. Exploiting this complexity, malicious actors stealthily insert harmful content into unexpected locations, catching publishers and ad networks off guard.
Clicking on malvertising can unknowingly trigger the release of malicious code onto the user’s device. Once installed, the malware functions like any other, potentially causing file damage, data theft, establishment of hidden access points, or user activity monitoring. Moreover, the malware can manipulate, block, delete, copy, or leak data, which may then be held for ransom or sold on the dark web.
Malvertising attacks may also utilize exploit kits, a form of malware designed to probe systems and exploit security vulnerabilities or gaps.
What’s the Difference Between Malvertising and Ad Malware?
Malvertising is often confused with ad malware or adware, which are other types of malware affecting online advertisements. Adware refers to a program that runs on a user’s computer, typically bundled with legitimate software or installed without the user’s awareness. Its function includes displaying unwanted advertisements, redirecting search requests to advertising websites, and gathering user data to enable targeted advertising.
When comparing malvertising to ad malware, there are notable distinctions to consider:
Malvertising involves the deployment of malicious code on a publisher’s webpage, specifically targeting individual users. Conversely, adware is designed to target individual users without initially being deployed on a publisher’s webpage.
Furthermore, malvertising impacts users only when they access an infected webpage, whereas adware, once installed, remains active continuously on a user’s computer.
In summary, malvertising and ad malware differ in their methodology and impact, with malvertising relying on infected webpages and adware persistently operating on a user’s computer.
How Do Malvertisements Affect Users?
Malvertising can affect users who encounter malicious ads, even without interacting with them. These impacts include:
- “Drive-by download” attacks: These occur when malware or adware is automatically installed on a user’s computer due to vulnerabilities in their browser.
- Forced browser redirects: Users may be involuntarily redirected to malicious websites, exposing them to potential threats.
- Unauthorized display of unwanted advertising, malicious content, or pop-ups: Malvertisements may utilize JavaScript to display additional ads or content beyond what is legitimately provided by the ad network.
When users click on a malicious ad, malvertising can compromise their security by:
- Installing malware or adware: Clicking on a malicious ad may trigger code execution that installs harmful software on the user’s computer.
- Redirecting to a malicious website: Instead of reaching the intended destination indicated by the ad, users may be redirected to a site that poses risks to their online safety.
- Phishing attacks: Malicious ads may redirect users to websites closely resembling legitimate sites, with the intention to deceive and coax users into disclosing sensitive information.
The Impact of Malvertisements on Publishers
When malicious actors gain control of an ad network, it can result in serious repercussions for publishers. Their reputation suffers, leading to a decrease in site traffic and revenue, and they might also encounter legal consequences for the harm inflicted upon users.
Despite publishers being cognizant of this problem, identifying and preventing malicious ads presents a major obstacle. Ad networks deliver ads from numerous advertisers and exhibit them dynamically through real-time bidding, making it exceedingly challenging to thoroughly vet every ad displayed to users.
Methods of malware insertion into ads include:
- Malware in ad calls: When a website exhibits a page with an advertisement, the ad exchange delivers ads via third-party servers. Attackers can compromise one of these third-party servers and insert malicious code into the ad payload.
- Malware-injected post-click: When users click on an ad, they are rerouted through multiple URLs before arriving at the ad landing page. If an attacker compromises any of these URLs, they can execute malicious code.
- Malware in ad creative: Malware can be embedded in text or banner ads. For instance, HTML5 enables ads to merge images and JavaScript, which may include malicious code. Ad networks employing Flash (.swf) format are especially susceptible to this.
- Malware within a pixel: Pixels are snippets of code embedded in ad calls or landing pages to track data. Legitimate pixels solely transmit data, but if an attacker intercepts the pixel’s delivery path, they can transmit a response with malicious code to the user’s browser.
- Malware within video: Video players lack safeguards against malware. For example, standard video ad formats such as VAST may include pixels from third parties that could contain malicious code. Videos can infect users by displaying a malicious URL at the conclusion.
- Malware within Flash video: Flash-based videos can introduce an inline frame (iframe) into the page, which downloads malware without the user needing to click on the video. Malicious code can also be injected into pre-roll banners that load while the video file is loading.
- Malware on a landing page: Even on authentic landing pages served by reputable websites, clickable elements may execute malicious code. This form of malware is particularly hazardous as users click on an ad, land on a genuine landing page, but get infected by a malicious element on the page.
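The pixel and video items above both come down to third-party URLs riding inside an ad response. As an added example (not code from any ad network or from this page's author), the following Python audit walks a constructed VAST document and reports tracking pixels, click-through targets and media files that fall outside a publisher's policy. The allowlisted hosts, the blocked media types and the sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed publisher allowlist; the .test hosts are placeholders, not real vendors.
APPROVED_HOSTS = {"ads.example-network.test", "cdn.example-network.test"}
# Assumed policy: no Flash and no script-based media files in video ads.
BLOCKED_MEDIA_TYPES = {"application/x-shockwave-flash", "application/javascript"}

# Constructed VAST response for illustration only.
SAMPLE_VAST = """<VAST version="3.0"><Ad id="constructed-1"><InLine>
  <Impression><![CDATA[https://ads.example-network.test/imp]]></Impression>
  <Impression><![CDATA[http://pixel.unvetted.test/p.gif]]></Impression>
  <Creatives><Creative><Linear>
    <TrackingEvents><Tracking event="complete"><![CDATA[https://pixel.unvetted.test/done]]></Tracking></TrackingEvents>
    <VideoClicks><ClickThrough><![CDATA[https://ads.example-network.test/landing]]></ClickThrough></VideoClicks>
    <MediaFiles>
      <MediaFile type="video/mp4"><![CDATA[https://cdn.example-network.test/v.mp4]]></MediaFile>
      <MediaFile type="application/x-shockwave-flash"><![CDATA[https://cdn.example-network.test/v.swf]]></MediaFile>
    </MediaFiles>
  </Linear></Creative></Creatives>
</InLine></Ad></VAST>"""


def audit_vast(xml_text, approved_hosts=APPROVED_HOSTS):
    """Return a list of policy findings for one VAST document."""
    # Refuse DTDs and entities up front so hostile XML never reaches the parser.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return ["document declares a DTD or entity; rejected unparsed"]
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag == "MediaFile" and elem.get("type", "").lower() in BLOCKED_MEDIA_TYPES:
            findings.append(f"MediaFile: blocked type {elem.get('type')}")
        try:
            url = urlparse((elem.text or "").strip())
        except ValueError:
            findings.append(f"{elem.tag}: unparseable URL")
            continue
        if url.scheme not in ("http", "https"):
            continue  # this element carries no URL
        if url.scheme != "https":
            findings.append(f"{elem.tag}: cleartext URL on {url.hostname}")
        if url.hostname not in approved_hosts:
            findings.append(f"{elem.tag}: unapproved host {url.hostname}")
    return findings
```

Run against `SAMPLE_VAST`, the audit reports the cleartext pixel, both references to the unvetted host, and the Flash media file, while the approved impression, click-through and MP4 pass.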
How To Avoid And Prevent Malvertising
Detecting and mitigating malvertising poses a challenge, necessitating action from both end users and publishers.
How Users Can Avoid Malvertising
Protecting yourself from malvertising requires a combination of good online practices, maintaining updated software, and utilizing various security measures:
- Keep Software Updated: Regularly update your browser, operating system, and plugins to ensure you have the latest security patches. Outdated software is often vulnerable to exploitation by malware.
- Use an Ad-blocker: Ad-blockers can prevent many malvertising instances by blocking the loading of ads on web pages.
- Disable JavaScript and Flash: JavaScript and Flash are common tools for delivering malicious payloads. Disabling them can thwart various malvertising attacks, though it may impact the functionality of certain websites.
- Exercise Caution with Pop-Ups: Avoid clicking on pop-up ads or windows. Instead, close them using the “X” button or through the task manager.
- Utilize Antivirus Software: Employ reliable antivirus software to detect and neutralize different types of malware. Ensure your antivirus software is regularly updated.
- Enable Click-to-play: Click-to-play functionality requires user interaction to play multimedia content. This can prevent the automatic execution of malicious code.
How Publishers Can Avoid Malvertising
- Carefully examine ad networks, verifying their reputable standing and strong security protocols. Inquire about their ad delivery procedures and the safeguards implemented to thwart malicious ads.
- Establish a rigorous screening process for ad content prior to publication. This ensures the detection of any malware or undesirable code that could endanger users’ devices or compromise their security.
- Contemplate enforcing a policy that confines permissible file types within ad frames. Restricting them to secure formats such as JPG or PNG, while steering clear of JavaScript or Flash, can markedly diminish the risk of malicious content.
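One way a publisher could enforce the screening step and the file-type policy described above, as an added example rather than code from this page or from any ad platform: the check below decides by file content instead of by file name, accepts only JPEG and PNG, and rejects Flash, mismatched extensions and images that carry script markers. The function name, the marker list and the sample uploads are assumptions constructed for illustration.

```python
import re

# Magic-byte signatures for the only formats the policy permits.
ALLOWED_SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
EXTENSIONS = {"jpeg": (".jpg", ".jpeg"), "png": (".png",)}
# Flash files start with FWS, CWS or ZWS depending on compression.
FLASH_SIGNATURES = (b"FWS", b"CWS", b"ZWS")
# Heuristic markers of active content hidden inside or appended to image data.
ACTIVE_CONTENT = re.compile(rb"<script|<iframe|javascript:|<svg|<html", re.IGNORECASE)


def screen_creative(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one uploaded ad creative."""
    if data.startswith(FLASH_SIGNATURES):
        return False, "flash content"
    detected = next(
        (kind for kind, sigs in ALLOWED_SIGNATURES.items() if data.startswith(sigs)),
        None,
    )
    if detected is None:
        return False, "not a JPEG or PNG by content"
    # A renamed file is treated as a policy violation, not silently corrected.
    if not filename.lower().endswith(EXTENSIONS[detected]):
        return False, f"extension does not match {detected} content"
    if ACTIVE_CONTENT.search(data):
        return False, "active content marker inside image"
    return True, detected


if __name__ == "__main__":
    # Constructed uploads: a clean PNG, a Flash file renamed to .jpg,
    # and a JPEG header followed by a script tag.
    samples = [
        ("banner.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("banner.jpg", b"CWS\x0a" + b"\x00" * 8),
        ("promo.jpg", b"\xff\xd8\xff\xe0" + b"<script>x</script>"),
    ]
    for name, blob in samples:
        print(name, screen_creative(name, blob))
```

The marker scan is a coarse first gate: creatives that pass it still need the ad network's own scanning, and a production pipeline would typically re-encode accepted images so that only pixel data survives.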
Frequently Asked Questions
How does malvertising differ from other types of online threats?
Malvertising involves the insertion of malicious code into legitimate online advertising networks, leading users to unsafe destinations through deceptive ads. Unlike other threats such as adware or ad malware, malvertising targets users indirectly through compromised ads encountered during regular browsing sessions.
What makes malvertising difficult to detect and mitigate?
Malvertising poses challenges for detection and mitigation due to its covert nature and the dynamic nature of online advertising networks. The malicious code is often concealed within legitimate ads, making it hard to identify. Additionally, the complexity of the online advertising ecosystem, involving multiple servers and redirects, complicates the process of tracing and blocking malicious ads effectively.
How can users protect themselves from malvertising?
Users can safeguard themselves from malvertising by practicing good online habits and utilizing security measures such as keeping software updated, using ad-blockers, disabling JavaScript and Flash, exercising caution with pop-ups, employing antivirus software, and enabling click-to-play functionality. These actions help mitigate the risk of encountering malicious ads and prevent malware infections.
What steps can publishers take to prevent malvertising on their platforms?
Publishers can mitigate the risk of malvertising by thoroughly vetting ad networks, implementing stringent ad content screening processes, and enforcing policies to restrict permissible file types within ad frames. By ensuring the security and integrity of their ad networks and content, publishers can minimize the likelihood of malicious ads appearing on their platforms and protect their users from potential harm.
What are some common methods used by attackers to inject malware into online ads?
Attackers employ various techniques to insert malware into online ads, including compromising third-party ad servers, injecting malicious code into ad creative, exploiting vulnerabilities in ad delivery paths, and embedding malware within pixels or video content. These methods enable attackers to distribute malicious ads covertly and target unsuspecting users across different platforms and devices.
Conclusion
Malvertising continues to pose a significant threat in the online advertising realm, presenting challenges for users and publishers alike. Vigilance and proactive measures are essential for users to safeguard against potential risks, while publishers must prioritize security to protect their platforms and users. By remaining informed and implementing robust defenses, both parties can effectively combat malvertising and promote a safer online experience.


