Malicious Advertising


Malvertising, a combination of the words “malicious” and “advertising,” refers to the practice of using online advertisements to spread malware. Cybercriminals embed malicious code within seemingly legitimate ads, which are then distributed across various ad networks. Unsuspecting users who click on these ads or engage with them unintentionally trigger the download of malware onto their devices, compromising their security.

Key Takeaways

  1. Malvertising is a cyber attack method where malicious code is hidden within online advertisements to spread malware and infect users’ devices when they interact with or view the ad.
  2. It poses a significant risk to internet users because even legitimate and popular websites can unknowingly host malicious advertisements, so avoiding suspicious sites alone is not enough to stay safe.
  3. Preventing malvertising involves keeping software up-to-date, using reputable ad-blockers, being mindful of potential phishing attempts, and using antivirus or security software with real-time scanning capabilities.


Malvertising is an important technology term as it refers to the malicious use of online advertisements to spread malware, disrupt user experience, and compromise sensitive information.

By exploiting the vulnerabilities in advertising networks, cybercriminals can infiltrate user devices through seemingly legitimate ads on websites.

This deceptive tactic proves dangerous for both users and website owners, as it can lead to data breaches, identity theft, diminished trust, and potentially severe financial losses.

Awareness of malvertising is essential, as it encourages users to adopt robust security measures and pushes the industry to develop cybersecurity solutions to counter these pervasive threats.


Malvertising, a portmanteau of “malicious advertising,” serves as a tool for cybercriminals to exploit online advertising networks and spread malware to unsuspecting Internet users. It is geared towards a nefarious purpose, aiming to achieve various illicit objectives, such as stealing sensitive information, installing ransomware, or even recruiting devices into botnets. By leveraging the reach of reputable ad platforms and websites, cybercriminals can maximize the effectiveness of their attacks and target a larger pool of potential victims.

Conveniently camouflaged within legitimate advertisements, malvertising presents itself as a seemingly innocent and unsuspicious entity. The applications of malvertising chiefly revolve around furthering criminal activities by exploiting security vulnerabilities in browsers, plugins, or operating systems. Cybercriminals craft and submit seemingly authentic ads to advertising networks, taking advantage of the trust placed in legitimate ads to reach a vast audience.

When a user clicks on the infected ad, they may unwittingly trigger a drive-by download or be redirected to a malicious website. These events might install malware, adware, ransomware, or other malicious content on the user’s computer, often without their knowledge. Consequently, cybercriminals gain financial data, sensitive information, or even control of the system, leaving the user susceptible to devastating consequences.

Thus, the primary purpose of malvertising is to facilitate criminal activities and achieve financial gains through the art of digital deception.

Examples of Malvertising

Malvertising, a combination of the terms “malware” and “advertising,” refers to the use of online advertising platforms to spread malware and harmful content. Cybercriminals use it to exploit legitimate ad networks and websites, leading to security breaches for users. Here are three real-world examples of malvertising:

The ‘Kyle and Stan’ Malvertising Campaign (2013): This is one of the largest malvertising campaigns, affecting around 9 million users per month. The campaign was named after the characters from the popular TV series ‘South Park.’ Cybercriminals used the infamous Blackhole Exploit Kit to infect legitimate websites through malicious ads. When users clicked on the seemingly innocent advertisements, they were redirected to malicious websites that instantly attempted to compromise their devices.

The ‘eGobbler’ Campaign (2019): Affecting billions of ad impressions in a short period, this malvertising campaign targeted Chrome and Safari browsers by exploiting browser vulnerabilities. Users visiting popular websites and interacting with seemingly safe online ads were redirected to malicious websites that would compromise their device and, in many cases, install payloads such as ransomware or banking Trojans.

The ‘RoughTed’ Campaign (2017): This large-scale malvertising operation targeted a wide range of users and devices, including Windows, macOS, and Linux. It utilized what was known as “polymorphic” or “fingerprint-based” ads to avoid detection and thwart ad-blockers. Users who clicked on the malicious ads were directed to exploit kits or prompted to install rogue browser extensions and malware-laced applications.

Malvertising FAQ

1. What is malvertising?

Malvertising, or malicious advertising, is a technique used by cybercriminals to spread malware through online advertisements. This is often accomplished by embedding malicious code within seemingly trustworthy advertisements that, when clicked on or simply displayed, can infect the user’s device with malware, ransomware, or other types of threats.

2. How does malvertising work?

Malvertising works by injecting malicious code into legitimate online advertising networks and webpages. When a user visits a website hosting an infected ad, the malicious code is executed, potentially causing harm to the user’s device or system. In some cases, the mere presence of the ad can trigger the malware download (known as a “drive-by” attack) without any interaction from the user.
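
The redirect-then-download pattern described above can be looked for in web proxy logs. The following is an added example, not part of the original glossary entry: the log layout, the ad host list, the content types and all hostnames are constructed assumptions for illustration.

```python
from urllib.parse import urlparse

# Assumptions for this example: which hosts serve ads, which types are executable.
AD_HOSTS = {"ads.adnetwork.example"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream",
                    "application/x-msi", "application/java-archive"}

# Constructed proxy log: (client, url, referer, status, content_type)
SAMPLE_LOG = [
    ("10.0.0.5", "https://news.example/story", "", 200, "text/html"),
    ("10.0.0.5", "https://ads.adnetwork.example/slot?id=7", "https://news.example/story", 200, "text/html"),
    ("10.0.0.5", "https://cdn.tracker.example/r?x=1", "https://ads.adnetwork.example/slot?id=7", 302, "text/html"),
    ("10.0.0.5", "https://landing.invalid/gate", "https://cdn.tracker.example/r?x=1", 200, "text/html"),
    ("10.0.0.5", "https://landing.invalid/update.exe", "https://landing.invalid/gate", 200, "application/x-msdownload"),
    ("10.0.0.9", "https://vendor.example/setup.exe", "https://vendor.example/downloads", 200, "application/x-msdownload"),
]

def host(url):
    return urlparse(url).hostname or ""

def referer_chain(entry, by_url):
    """Walk Referer links backwards from one request to the page that started it."""
    chain, seen = [entry[1]], {entry[1]}
    ref = entry[2]
    while ref and ref not in seen:          # 'seen' guards against referer loops
        chain.append(ref)
        seen.add(ref)
        parent = by_url.get((entry[0], ref))
        ref = parent[2] if parent else ""
    return list(reversed(chain))

def find_ad_rooted_downloads(log):
    """Return (client, chain) for executable downloads reached through an ad host."""
    by_url = {(e[0], e[1]): e for e in log}
    findings = []
    for e in log:
        if e[3] == 200 and e[4] in EXECUTABLE_TYPES:
            chain = referer_chain(e, by_url)
            if any(host(u) in AD_HOSTS for u in chain[:-1]):
                findings.append((e[0], chain))
    return findings

if __name__ == "__main__":
    for client, chain in find_ad_rooted_downloads(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The Referer header can be absent or trimmed by referrer policies, so a download with no ad host in its chain is not proof that no ad was involved.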

3. What are the warning signs of malvertising?

Some warning signs of a potential malvertising attack include: unexpected pop-up ads, unfamiliar browser extensions or toolbars, a sudden change in browser settings, unusual system slowdown, or the appearance of new and unknown programs on your device. Keep in mind that malvertising can be difficult to detect, as it can mimic legitimate advertisements and often does not present any visual indicators of being malicious.

4. How can I protect myself from malvertising?

To protect yourself from malvertising, follow these steps: keep your software and operating system updated, use comprehensive security software, enable pop-up blockers, disable automatic browser plug-ins, and be cautious when clicking on advertisements or unfamiliar links. Additionally, consider using ad-blocking extensions and only visit trusted websites.

5. What should I do if I’ve been affected by malvertising?

If you suspect you have been a victim of malvertising, immediately run a full system scan using reputable anti-malware software to identify and remove any malicious files. If necessary, take your device to a professional for further assistance. Change all of your account passwords and enable multi-factor authentication on sensitive accounts. Contact your financial institutions and credit reporting agencies to notify them of potential fraud and monitor your account statements for any suspicious activity.

Related Technology Terms

  • Adware
  • Drive-by download
  • Exploit kit
  • Clickjacking
  • Phishing
