What Is Malvertising and How Can I Avoid It?

Online advertisements have become more targeted and invasive than ever before. But did you know these ads could be more than just a nuisance? They can be dangerous vessels for malware and viruses, putting your device and personal information at risk. In this article, learn about malvertising, how malvertisements work, and most importantly, how to protect yourself from malvertising attacks.

What is malvertising?

Malvertising is the practice of using online ads to spread malware and steal personal information. In effect, the advertisement becomes the means of attack. Cybercriminals secretly insert malware-filled ads into real advertising networks and websites. When someone sees one of these “malvertisements,” they may be redirected to a dangerous website or have their device infected without knowing it.

Malvertising is a serious threat because it’s hard to detect for both websites and users. Since ads are shown to everyone who visits a page, every viewer is potentially at risk.

How does malvertising work?

Malvertising works by taking advantage of weaknesses in online ad networks. Hackers break into the servers that host ads and hide malicious code inside ads that appear safe on trusted websites and apps.

Once the bad ad is live, it can harm users in two main ways: redirection and drive-by downloads.

In redirection attacks, clicking the ad takes users to fake websites that look real. These spoofed sites are designed to trick people into giving up personal information, which can then be used for identity theft or fraud.

Drive-by downloads are even sneakier. Just loading a page with a malicious ad can silently install malware on your device—no clicks required. So even if you’re careful about what you click, malvertising can still put you at risk.

Examples of malvertising attacks

Malvertising comes in many forms, so it helps to know what to look for. Many of these attacks also rely on other cybercriminal techniques, such as spoofing and social engineering. The following are all examples of potential malvertising:

  • Banner ads. Hackers can infect ads on the top or side banners of legitimate websites.
  • Video ads. As YouTube and other video streaming sites continue to gain popularity, video advertisements have become a massive industry. However, it's important to be cautious, as even the ads that appear before or during videos can spread malware.
  • App advertising. Legitimate free mobile apps that allow advertising can unintentionally become carriers of malvertisements. Conversely, hackers can build fake or spoofed apps for the sole purpose of spreading malware.
  • Phishing advertisements. Often, phishing emails are designed to look like legitimate marketing emails from big companies like Amazon or Walmart. But these are scams that try to trick you into clicking the advertisement.
  • Targeted malvertisements. Like big tech companies, sophisticated cybercriminals can use more advanced techniques to precisely target their victims. For example, if a hacker has access to your browsing history, location, or device type, they can create targeted ads that you'll be more likely to click on.

Effects of malvertising on individuals and businesses


Malvertising can have serious effects and put your personal information in danger. In recent years, some major malvertising attacks have affected millions of people.

In the world of cybercrime, your information is the main target. Once your device is infected with malware, criminals can steal your personal details, like usernames, passwords, credit card numbers, and bank info.

They often use this data to commit identity theft or financial fraud.

Malware can also damage your files, change or leak your data, and even track what you do online.

How do I protect against malvertising?

Without an ad blocker, Internet ads are unavoidable, and it is incredibly challenging to tell the difference between those that are good and those that are bad. Because of the way ad networks operate, website publishers cannot oversee and verify every advertisement's authenticity. Furthermore, malicious ads are hard to spot since webpage ads frequently change, like a revolving door.

Fortunately, though, there are several ways to protect yourself from malvertising:

  • Use an ad blocker. One of the most effective ways to prevent malicious advertisements is to use an ad blocker. Ad blockers work by preventing ads from loading on web pages. After all, an advertisement can't infect your device if it was never there in the first place.
    Ad blockers are great for preventing drive-by downloads. However, keep in mind that some legitimate websites rely on advertising revenue to operate, so using an ad blocker may mean that you can't access certain content.
  • Enable click-to-play. Another useful strategy is to enable click-to-play in your browser. This feature prevents plugins like Flash or Java from automatically running, which can help to prevent malvertising attacks. Similarly, you can change your browser settings to block pop-up ads automatically.
  • Keep software up-to-date. Make sure to keep your browser and other software updated, as many malvertising attacks exploit vulnerabilities in outdated software.
  • Don't click on ads. The best way to avoid malvertising is to avoid clicking on ads altogether. If you see an ad that strikes your interest, simply navigate to the website yourself. It may take a few extra seconds, but it is worth it to protect your online security and privacy.

These simple steps can help keep your device and your information secure.
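The ad blocker tip above says blockers work by preventing ads from loading. The sketch below is an added example, not part of the original article or any real ad blocker's code: it shows that step as a domain blocklist check applied to each resource a page requests. The blocklist entries, page URL and function names are constructed for illustration.

```javascript
// Hypothetical blocklist of ad-serving domains (constructed, reserved TLDs).
const BLOCKED_DOMAINS = new Set(["adnet.example", "tracker.test"]);

// True if `host` is a blocked domain or a subdomain of one.
// Matching walks whole DNS labels, so "badadnet.example" is NOT treated
// as a match for "adnet.example" the way a plain string suffix test would.
function isBlockedHost(host, blocked = BLOCKED_DOMAINS) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocked.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Decide whether one resource requested by a page may load.
// Relative and protocol-relative URLs are resolved against the page first,
// because ad tags are often written as "//host/path".
function filterRequest(pageUrl, requestUrl, blocked = BLOCKED_DOMAINS) {
  let req;
  try {
    req = new URL(requestUrl, pageUrl);
  } catch {
    return "block"; // unparsable URL: refuse rather than guess
  }
  // Only http(s) requests reach a remote ad server; leave other schemes alone.
  if (req.protocol !== "http:" && req.protocol !== "https:") return "allow";
  return isBlockedHost(req.hostname, blocked) ? "block" : "allow";
}

// Return only the resources that would actually be fetched for the page.
function loadPage(pageUrl, resourceUrls) {
  return resourceUrls.filter((u) => filterRequest(pageUrl, u) === "allow");
}

// Constructed sample: one news page and the resources it tries to load.
const PAGE = "https://news.example/story";
const RESOURCES = [
  "/img/logo.png",                       // first-party image
  "https://cdn.adnet.example/banner.js", // subdomain of a blocked ad network
  "https://badadnet.example/lib.js",     // similar name, different domain
  "https://ADNET.example./x.gif",        // case and trailing-dot variant
  "//tracker.test/pixel",                // protocol-relative tracker
];
console.log(loadPage(PAGE, RESOURCES));
```

Because the blocked requests are never sent, a malicious ad served from a listed domain has no chance to redirect the page or start a download, which is why blocking helps even when nothing is clicked.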

What is the difference between malicious advertising and adware?

Many people mix up malvertising and adware, but they are not the same.

Malvertising hides behind what look like normal ads. It tricks you into thinking the ad is safe, but clicking it can infect your device. Adware, on the other hand, shows unwanted ads directly on your screen. It often comes bundled with software you download. While annoying and sometimes a privacy risk, adware usually can’t take over or damage your system.

Both can cause problems, but malvertising is more dangerous. It can install harmful software on your device without you knowing or agreeing.

The good news is that you can take steps to stay safe. With the right tools and habits, you can avoid falling for fake ads and keep your device and personal information protected.

Frequently asked questions

What is the meaning of malvertising?

Malvertising by definition means "malicious advertising."

What are some examples of malvertising attacks?

Ransomware, spyware, and Trojan horses are all potential malvertising examples.

Is malvertising illegal?

Yes. Using advertisements to distribute malware is illegal.

Can antivirus software detect malvertising?

Malvertising can't always be detected by antivirus programs. However, once the malware is installed on your computer, most antivirus or antimalware programs should be able to detect and remove it.

What does malvertising do to your computer?

Malvertising can cause serious harm to your computer. The attacks often embed malicious code into the victim's device, stealing data and causing performance problems.

Author

Written and Edited by Lizzy Schinkel & WhatIsMyIP.com® Editorial Contributors

Lizzy is a tech writer for WhatIsMyIP.com®, where she simplifies complex tech topics for readers of all levels. A Grove City College graduate with a bachelor’s degree in English, she’s been crafting clear and engaging content since 2020. When she’s not writing about IP addresses and online privacy, you’ll likely find her with a good book or exploring the latest tech trends.

Reviewer

Technically Reviewed by Brian Gilbert

Brian Gilbert is a tech enthusiast, network administrator, and lifelong problem solver with a knack for making complicated topics simple. As the overseer of WhatIsMyIP.com®, he combines 25+ years of experience with a passion for helping others navigate the digital world.