Malvertising: How to Avoid Tempting Scams

Malvertising is a term used to describe the practice of using malicious online ads to infect users with malware. Malicious actors can use these ads to spread viruses, spyware, and other types of malware to unsuspecting users, often through legitimate websites.

One of the facets of surfing the Web is ads that appear on the sidebar, at the end of videos, as pop-ups in new windows, and in a million other places as you go. These advertisements figure out what you might like to purchase through tracked Cookies on other websites, demographic information, geo-location, and more hints about what will strike your fancy. At best, this is a convenient feature for finding items you want to buy, especially as they relate to other recent purchases.

At worst, these promotions are secret vehicles intent on delivering malware to your computer.

Welcome to Malvertising

‘Malicious advertising’ begot the portmanteau malvertising, which refers to placing corrupt ads online to lure victims into clicking on them. Malware could be placed in the ad, ready to download as soon as you click or visit the website where it redirects you. Alternatively, you may be persuaded to buy false services or products from these links.

Malvertising link scam

Malvertising will…

  • Commonly set up as click-to-download infections, so you have to interact to be caught in the threat actor’s net
  • Submit ads to trusted third-party sites that then display damaging content without realizing its risks
  • Exploit vulnerabilities in third-party websites to display their malicious content without permission
  • Steal personally identifying information (PII) like your name or financial information
  • be present in an estimated 1 out of every 100 ad impressions

Remember! Just because they both involve online ads, malvertising is different from adware. Adware is software downloaded onto your computer which generates pop-ups convincing you of an imminent threat, or the potential risk of one, and runs on every website you visit. Malvertisements are malicious code uploaded to infect particular landing pages.

Fighting and Avoiding Malverts

How can you keep yourself safe from this reverse social engineering tactic? First and foremost, don’t click on ads you find on the side of your browser. If something looks interesting, open a new tab and look it up through the purveyor’s main website. This will give you time to think, appraise the legitimacy of the page, and slow down before pulling out your credit card.

Image illustrating a malvertising scam

One of the reasons that malvertising is so dangerous is that it doesn’t require much engagement from you in order to negatively impact your systems. In some cases, the bad actor can drive-by download the virus onto your machine as soon as you pass the landing page where the threat lies in wait.

On the bright side, that means proactive measures can head off many threats before they morph into a full-on cyberattack. Firewalls, browser extensions that detect at-risk websites, ad blockers, and antivirus software all work together to protect your systems. That’s why necessary upgrades should be made ASAP. Turn on auto-updates so you never forget to update to the latest, safest versions!


Vigilance and continued security awareness education can help you recognize and prevent hackers from coming in through malvertisements. It’s not just your data at risk, but others whose systems are connected through the local network. Depending on the malware, the infected ad could contain ransomware or self-propagate and spread to your friends. You never know what the hacker’s ultimate target is; but you can prevent them from getting near any of your data with regular cybersecurity assessments, training, and compliance.

Keep the internet an enjoyable and convenient place to spend time! Understanding the cyber-threats happening today will better prepare you to notice, and thus fend off, anything a hacker might throw your way. Follow our blog for the latest tips on staying cyber-secure!