What is Malvertising? This form of malicious advertising is a growing cyberattack trend that injects malicious code into online digital ads. Due to the complex digital advertising landscape, it’s difficult for both users and publishers to detect.

As the impacts on business reputation and ROI are significant, we present techniques that users and publishers can use to avoid the emerging malvertising threat.

What Is Malvertising?

Malvertising is an attack in which cybercriminals inject malicious code into legitimate online advertising networks. When users click a link in the ad, the code redirects them to malicious websites.

This type of attack often involves highly reputable websites. Spotify, The New York Times Online, The London Stock Exchange, and The Atlantic have all been exposed to malvertising. Users have no reason not to trust the links because the ads are displayed on well-known websites belonging to reputable entities.

Online Advertising CDNs

The online advertising delivery system is complex and involves a combination of networks that includes publisher sites, ad servers, and ad exchanges. It also includes retargeting networks and various content delivery networks (CDNs).

Multiple hidden redirections begin once a user clicks on an ad. Malvertising attacks take advantage of this complexity: cybercriminals look for points in the delivery chain where they can place malicious content and where ad networks and publishers least expect it.

How Malvertising Works

The cybercriminal begins by creating an ad on a legitimate third-party ad server or ad CDN. Using an ‘exploit kit’, they can inject a dynamic malicious link or hidden code within an ad or ad element such as creative imagery, banner ad copy, or a video segment.

You can think of the exploit kit as a chameleon, a master at hiding corrupt code or links from malware detection tools that ad networks use to detect malicious activity. It will scan the user’s device to identify and then exploit vulnerabilities or weaknesses to allow it to install malware.

Once the user device is compromised by malware, sensitive data can be damaged, encrypted and held to ransom, or stolen to be sold on the dark web. The attacker may also use the malware to secretly redirect internet traffic to monitor the user’s online banking activity.

3 Malvertising Attack Examples

There are several versions of malvertising attacks; here are the three most prominent that you and your staff should recognise. 

1. Angler Exploit Kit

Angler Exploit Kit is a classic example of a drive-by download. It automatically redirects visitors to a malicious website to exploit vulnerabilities in common web extensions like Microsoft Silverlight, Adobe Flash, and Oracle Java.

2. RoughTed

RoughTed is a malvertising campaign that circumvents ad-blockers and antivirus solutions through a series of dynamic URLs. The criminal agent behind RoughTed leverages a complex ad exchange network, along with the Amazon cloud infrastructure and its CDN to carry out the attack.

3. KS Clean

KS Clean is a malvertising attack campaign that targets users through malicious advertisements within mobile apps. Once the malware downloads, it triggers an in-app notification, alerting the user to a security issue.

The malware then prompts the user to upgrade the app. Of course, once the user agrees to the upgrade, they are granting the cybercriminal behind the attack administrative privileges to their mobile device.

Adware vs Malvertising

Malvertising is typically confused with another form of malware injection called adware or ad malware. Both adware and malvertising involve online advertisements, though there are differences.

Adware is a program that runs on the user’s computer or mobile device. It is often packaged with legitimate software or otherwise installed without the user’s knowledge. Once installed, adware delivers unwanted advertising, redirects user search requests to advertising websites, and mines user data to target additional advertisements. 

Not all adware is malicious; some forms are often included in legitimate software packages. While adware raises questions about data security and privacy, it is not a tool cybercriminals use to steal, alter, or delete data. The goal of adware is to track a user’s web activity to display relevant or personalised ads. Malvertising, on the other hand, is always malicious.

Another difference between adware and malvertising is that adware targets individual users and then operates continuously on that user’s device. Malvertising uses malicious code that deploys from a publisher’s web page, possibly compromising any user clicking the infected ad. 

5 Ways Malvertising Can Affect Business

Malvertising can threaten any business, from small startups all the way to multinational corporations. As it can compromise the security of end-user devices, servers and connected cloud systems, the malware it distributes poses multiple security issues.

1. Ransomware Attack

A malware infection obtained from malvertising can lead to a full-blown ransomware attack resulting in devastating data loss. Corporate laptops, servers, backup storage and cloud services are encrypted. Even if the ransom to obtain the decryption key is paid, the data is usually damaged beyond repair.

2. Virus Infection

Malware is often the tool of choice that allows a virus infection to take hold and spread to other systems on the network. A virus is usually more malicious than a ransomware attack; it will simply delete, rename, move or corrupt your data.

3. Cryptojacking

Cryptojacking is a malicious form of crypto mining. It is the unauthorised use of someone’s computer, mobile device, or entire network as hosts to exploit CPU resources to mine cryptocurrency for profit. The cryptojacking malware steals the processing power of the infected host machine(s) to mine the cryptocurrency.

4. Corporate Data Theft

Once malware enters an organisation’s network via malvertising, it goes to work without interaction from people, searching through staff emails and data servers to find valuable, sensitive information. This information is then often sold to competitors or made available on the Dark Web.

5. Identity Theft

Certain types of malware will steal sensitive personal information such as bank account details, medical records, user IDs, and passwords. Should the malware compromise email, it can send spam emails on behalf of the victim and interrupt other connected devices within the organisation.

How to Prevent Malvertising

Malvertising is a difficult form of attack to detect, making it challenging to avoid for both consumers and publishers. A continuously high volume of automated digital ads is deployed and circulated online, so much so that publishers can’t directly oversee their ad verification and assessment processes.

Likewise, it’s also challenging for cybersecurity experts to identify malicious ads because the ads on any given webpage change constantly. In addition, most malvertising attacks require a user to interact with the infected ad. Thus, not every user is affected by a malicious ad, making it difficult to identify those ads with malicious code embedded.

Despite these challenges, there are ways to prevent malvertising from impacting business operations. 

What Users Can Do

Users can take the following steps to reduce their risk of infection.

  1. Be sure that all web browser extensions are updated. Use the latest browser versions to ensure that the most recent security patches are in place.
  2. Install antivirus software and adblockers to reduce the risk of running into a malicious advertisement. Also, ensure that all the latest updates are installed so that these antivirus systems remain fully optimised.
  3. Avoid using Flash and Java. Both of these programs contain vulnerabilities that invite malware attacks of all kinds. Also, adjust system settings so these programs cannot run automatically during browser sessions.

What Publishers Can Do

Publishers can take precautionary steps as well.

  1. Thoroughly vet the third-party ad networks responsible for selecting and running ads.
  2. Scan all creative media displayed in their ads to ensure no embedded malware links.
  3. Ads should not contain JavaScript or Flash, and users should avoid clicking on ads with these elements. The interactive aspect of such software means users are more inclined to click on advertisements using these programs.
  4. Partner with a trusted cybersecurity provider that offers customised recommendations based on the organisation’s digital advertising strategy and online activities.
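
One way a publisher could automate steps 2 and 3 above, shown as an added example that is not part of the original article: a scan of an ad creative's HTML that flags active content, Flash assets, and links to hosts outside a vetted list. The host names, the allowlist, and both sample creatives are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist of hosts the publisher has vetted (constructed names).
APPROVED_HOSTS = {"ads.example-network.test", "cdn.example-network.test"}
URL_ATTRS = {"href", "src", "data", "action"}
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}


class CreativeScanner(HTMLParser):
    """Collects (kind, detail) findings for one ad creative's markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag))
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onload, ... run script
                self.findings.append(("inline-handler", name))
            elif name in URL_ATTRS:
                self._check_url((value or "").strip())

    def _check_url(self, url):
        parsed = urlparse(url)
        scheme = parsed.scheme.lower()
        if scheme in ("javascript", "data"):
            self.findings.append(("script-url", scheme))
        elif parsed.hostname and parsed.hostname not in APPROVED_HOSTS:
            self.findings.append(("unvetted-host", parsed.hostname))
        if parsed.path.lower().endswith(".swf"):
            self.findings.append(("flash", url))


def scan_creative(html):
    """Return every finding for a creative; an empty list means none fired."""
    scanner = CreativeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample creatives, not taken from any real campaign.
CLEAN_CREATIVE = ('<a href="https://ads.example-network.test/click?id=1">'
                  '<img src="https://cdn.example-network.test/banner.png"></a>')
SUSPECT_CREATIVE = ('<a href="https://tracker.unknown.test/r" onclick="go()">Win</a>'
                    '<embed src="https://cdn.example-network.test/ad.swf">')
```

A static markup check like this does not follow the redirections that begin after a click, so it complements vetting the ad network rather than replacing it.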


With malvertising attacks on the rise, both users and publishers must be aware of the risks and, more importantly, the steps they can take to avoid becoming victims. 

Businesses rely on digital advertising as part of their marketing strategy, and users benefit from legitimate ads. So, self-education becomes more and more essential as the digital ad landscape grows in complexity.

From anti-malware, anti-phishing, SEO poisoning, and 2FA to SASE and cloud-based air-gap immutable backup storage, Securus has a security solution to suit your requirement and budget. If you would like to discuss your network security requirements in more detail with one of our cyber security professionals, please don’t hesitate to get in touch.
