Skip to Main Content

Beware of malvertising attacks and stay safer online 

It looks like just another online ad for a product or service but comes embedded with malware code that could attack and compromise your computer systems. That’s malvertising and, like the name suggests, it cunningly blends malware and advertising. It can also be so sneaky, that even legitimate websites may unwittingly display these malicious ads! Read our article to get useful information on this type of online threat, including how it works, and why it shouldn’t be confused with adware. Most importantly, find out you can keep your data and digital activities safer.

Malvertising: A brief introduction to the online threat you don’t want to meet 

Malicious advertising, or malvertising, is a relatively new cyberattack technique that injects malicious code into digital ads. These malware-infected adverts are then displayed online to people like you and me. They can be found on any website—even those you might trust. When you click on a malicious ad, you unleash the malicious code embedded in it and it can harm your device or damage or steal your data.  

According to Wikipedia, the first recorded malvertising attack occurred in late 2007 and exploited a vulnerability in Adobe Flash. It attacked popular online platforms, including MySpace. As an online threat, malvertising has an impressive (and rather embarrassing) timeline of milestones: In 2009, The New York Times online magazine published an ad that tricked readers into installing malicious security software on their computers—these devices then became part of a botnet. (Need to brush up on botnets? It refers to a network of private computers that are infected with malicious software and controlled as a group). In 2011, Spotify fell victim to a drive-by download malvertising attack—and hot on its heels The Los Angeles Times was targeted by a similar campaign. It was’s turn in 2013 and many of the webpage’s 6.9 billion monthly visitors were at risk.   

No history of malvertising would be complete without mentioning the probably  largest malvertising operation to date: In 2017, the Zirkonium group, a cybercriminal ad network, set up 28 fake ad agencies and purchased 1 billion ad views. Fake LinkedIn and social media profiles were also created and used to connect to people and promote the ads. It deeply eroded trust in the online ad industry and exposed just how vulnerable it is to “bad actors” (No, we’re not referring to failed Oscar winners but cybercriminals who exploit vulnerabilities in networks).  

Today, malvertising continues to grow in scope and is becoming more creative. It seems no website is immune to bad ads that can drop malware. Online dating, video streaming sites, and Google Ads are popular targets. Cybercriminals are also taking over abandoned domains (i.e.: domain names that were once registered but have not been renewed by the original owner) to display ads that forcefully auto-redirect users to tech support scams. Malicious advertisements can even turn PCs into crypto- mining machines, without users’ knowledge or consent. These devices then churn out new bitcoins for their attackers! 

Malvertising vs adware: Is it the same? 

Malvertising is often confused with adware (ad malware) because both are forms of malware and use infected advertisements to spread. There are important differences though. As described above, malvertising uses malicious code that targets your system. Adware targets you, the user, by forcing ads onto your device to generate clicks. Adware is sometimes sneakily bundled into software or apps that you download from the internet, usually as freeware or shareware. It then secretly installs itself onto your device and bombards you with pop-up ads. This can slow down your device, cause it to crash, and even redirect your internet searches. On a mobile phone, the battery may drain more quickly, and you may have unexplained data usage.  

Adware also typically collects browsing information to sell to advertisers. This is often referred to as browser hijacking. Ultimately, adware exists not to be distracting and annoying, but to make money: The creators and distributing vendors earn money per install (each time the software is installed), per click (each time you open an ad, even accidentally), and per view (each time the ad appears on your screen).  

In a nutshell, the intents differ. Malvertising is considered malicious because it may allow cybercriminals to assume control of a system or alter, steal, or delete data. Adware typically raises concerns about privacy as it can be used to track your web activity to display personalized ads.  

How does malvertising work? 

The basic recipe for malvertising is as follows: Take one cybercriminal, one online advert, and a pinch of advertising malware. Mix. (The cybercriminal hides a small piece of malicious code deep within a legitimate-looking ad, such as a banner ad. The code might be hidden in the copy, image, or video). When a user clicks on the ad, the corrupted code is installed on their computer, or their device is directed to connect to a malicious or compromised server where an exploit kit is waiting. This evaluates the system to find any vulnerabilities and then exploits them to gain access. Now that the door to the system has been opened by the exploit kit, the cybercriminal can attack. Their motives vary. They might want to take control of your system so they can lock it down and hold it to ransom via ransomware. They could steal sensitive information or add your computer to a botnet and use it to launch attacks. This entire process takes place behind the scenes, possibly while you’re happily sipping a coffee and thinking about the cool ad you just saw… 

It’s even possible to fall prey to a malvertising attack without clicking on an infected ad! Some cyber attackers forcefully redirect your browser to a malicious website and then use social engineering techniques to trick you into revealing personal or company information. If JavaScript or Flash are enabled to display advertising content, they can also serve as doorways for advertising malware.  

For a better understanding, let’s look at specific malvertising attacks in action:   

  • Angler Exploit Kit automatically redirected visitors to a malicious website where an exploit kit exploited vulnerabilities in common web extensions, including Adobe Flash, Microsoft Silverlight, and Oracle Java. 
  • KS Clean posed as an Android cleaner app. Once installed, it displayed a fake system update message which prompted the user to select the “OK” button and grant the app administrator privileges. The malware then bombarded the user with pop-up ads—and the app couldn’t be uninstalled as it had admin rights.  
  • RoughTed used a series of dynamic URLs to bypass ad blockers and some antivirus solutions. It made use of a complex advertising network and even the Amazon cloud infrastructure! 

 What are the most popular malvertising platforms? 

Should you breathe a sigh of relief if you’re using a Mac, and everyone knows that hackers prefer Windows machines? It’s not quite that simple. Windows has traditionally been the hot favorite for malware attacks because its huge user base potentially offers the greatest return on a hacker’s “investment”. Yet a malvertising campaign focused on a browser or plug-in can also easily infect a Mac, Chromebook, iPhone, and Android phone. Mobile phones can be even more vulnerable as users tend to take fewer security precautions than they would on a laptop or PC. Most of us are addicted to our handheld digital companions. They’re also always on and used extensively for online activities like social media, browsing, or shopping, so it’s more likely that you’ll be served up a malicious ad.  

A very real threat: What are the risks of malvertising? 

Viewing malvertisements is like opening Pandora’s box. You could release malicious programs such as viruses. These are designed to replicate themselves within your device, where they can also damage that device or steal data. Ransomware encrypts your files or locks your device until you pay a ransom—usually in untraceable cryptocurrency. Spyware secretly spies on your online activities and can violate your privacy and compromise your security. Keystroke loggers track what you type, making it easy to steal log-in details and take over your online accounts, such as a shopping or email account. Your email could be used to spew out spam and may get banned—and imagine how embarrassing a hacked social media account could be?  

Hackers can also trick you into divulging personal information yourself, so you hand over your bank account numbers and passwords. They could then drain your account in less time than it takes to read this blog—or use your credit card details to make purchases or even apply for a new card in your name. Reputable online security for all your devices is essential—and so is being vigilant! Be sure to read on for our top tips.  

Have your malvertising protection plan ready 

If you’re online, you can’t stay entirely away from malicious ads, but you can be ready for them and any surprises that malvertisers may have in store. Here’s how to be prepared: 

  • Use an ad blocker. You can’t click on what you don’t see! Ad-blocking can help clear webpages of online advertising, but please note that they don’t always stop all ads. Plus, some websites might not run properly if an ad blocker is turned on. 
  • Turn on click-to-play on your browser so online content that requires plugins to play (such as Java, Adobe Reader, QuickTime, and Flash) is disabled unless you manually give permission for that content to load. 
  • Keep all systems, software, and apps up to date. Outdated software has security loopholes known to hackers. Regular software updates keep you better protected against the latest threats. A software updater helps ensure that you regularly install safe, clean updates.  
  • Use strong passwords and a password manager. Passwords are the first line of protection for your online accounts and devices. If they’re easy to remember, they’re usually easy to crack! Password managers help generate, store, and manage complex passwords, so you don’t have to.  


Cybercriminals will always find new and creative ways to engage with you when you’re online. Click with extreme caution and be especially wary of pages or pop-ups that aggressively try to engage with you. Malvertising is designed to trick you—so be smart! Take the right action and always use reputable online security technology.  

This post is also available in: GermanFrenchItalian

Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.