What Is Malvertising?

Malvertising (short for "malicious advertising") is a cyber attack technique that uses online advertising networks for malware distribution.

This contrasts sharply with a traditional malware attack, where the victim has to perform an action, such as downloading or installing a potentially dangerous piece of software. Malvertising embeds itself within the infrastructure of legitimate ads. It is, therefore, a serious challenge to cybersecurity in that it can easily compromise a victim's system in a stealthy manner and, under normal conditions, does not give any flags or warning that malicious activity is occurring.

This blog post explains the complexity behind "malicious ads" and "malvertisements," offering a concise but comprehensive understanding of how malvertising is perpetuated and practical tips to safeguard either the individual or the organization.

How Do Attackers Use Malvertising?

Despite the sophisticated detection and prevention systems employed by advertising platforms such as Google, attackers continually refine their strategies to circumvent these safeguards. By leveraging the inherent trust users place in legitimate websites and well-known ad networks, threat actors successfully deploy malvertising campaigns. They exploit this trust to distribute malicious advertisements, blending seamlessly with benign content. Here's an overview of how attackers orchestrate these malvertising campaigns:

Infecting Legitimate Ads

Attackers may hijack legitimate ads, injecting them with malicious code. This is often achieved by exploiting security flaws in the advertising platform or the website hosting the ad. When users click on or, in some cases, view these infected ads, the malicious code can be executed on their devices.

Creating Malicious Ads from Scratch

Alternatively, attackers might craft entirely new advertisements that are malicious in nature. These ads are designed to look benign to bypass the security checks of advertising networks. Once approved and displayed on websites, they can direct users to phishing sites, download malware, or execute harmful scripts without the user's consent.

Bypassing Detection With Sophisticated Techniques

Attackers use advanced techniques to avoid detection by both users and ad networks. This includes employing methods to target specific groups of users, timing the display of malicious ads to avoid security scans, and constantly changing the malicious payload to evade signature-based detection tools.

Exploiting Ad Supply Chain Vulnerabilities

The complex nature of the digital ad supply chain, involving multiple intermediaries between advertisers and publishers, provides attackers with numerous points of entry. By exploiting weaknesses at any stage of this chain, attackers can spread malicious ads widely.

The goal of malvertising can vary, from stealing personal information and login credentials to installing ransomware or other types of malware on the victims' devices. The stealthy nature of malvertising makes it a particularly insidious threat, as users can be compromised simply by visiting a reputable website that unknowingly serves a malicious ad.

6 Common Malvertising Attack Tactics

Malvertising can take various forms, each exploiting different aspects of the digital ad ecosystem to deploy malware or conduct scams. Here are some common malvertising attack tactics:

1. Exploit Kits: These are automated threats that exploit vulnerabilities in browsers, plugins, or applications to install malware without the user's knowledge. They are often embedded in or linked to malicious ads. Heimdal Security has written a great article about exploit kits, which covers the topic in depth.
2. Phishing Ads: These ads mimic legitimate businesses or offers, tricking users into clicking and directing them to phishing sites that look like the real site, where they might divulge personal information or credentials. Check out CanIPhish's library of phishing websites and put your phish spotting skills to the test!
3. Drive-by Downloads: Perhaps the most cunning and advanced form of malvertising, drive-by downloads can trigger automatic malware downloads when an ad loads on a webpage without any click or interaction from the user.
4. Forced Redirects: Malicious ads can redirect users from a legitimate site to a malicious one, which could host scams, malware, or further malicious ads.
5. Cryptojacking Scripts: Some malicious ads carry cryptojacking scripts. This type of advertising attack does not aim to steal data but to harness the computing power of the user's device to mine cryptocurrency without their consent.
6. Scareware: Closely resembling traditional malware, this type of malvertisement is ads that falsely alert users to non-existent viruses on their devices, urging them to download malicious software under the guise of antivirus protection.

Remember, the effectiveness of malvertising relies heavily on exploiting legitimate ad networks to distribute malicious content, making it challenging for users to discern which ads are safe.

4 Examples Of Malvertising Attacks In Action

What happens if I come across malvertising? To help shed light on the mechanics of malvertising and cement what you've learned in this article, let's play out four illustrative scenarios of malvertising attacks and their potential outcomes with you as the main character!

Example 1: Forced Redirects via Malvertising

While watching a video on YouTube, the content suddenly pauses, and your browser automatically redirects you to a website claiming you've won a meet and greet with your favorite YouTuber. You think to yourself that because it happened on YouTube, it must be legitimate, and today is your lucky day. However, this forced redirect results from malvertising hidden within the ad network. While on this scam site, you mistakenly enter personal information to claim your non-existent prize, putting your privacy at risk.

Example 2: Phishing Through Malvertising

While researching credit card options, you stumble upon an advertisement from your current bank promoting a new card with attractive benefits. Eager to learn more, you click the ad and land on the familiar bank login page. However, after entering your credentials and attempting to log in, the page fails to respond. Uh-oh! Upon a closer inspection, you realize the URL doesn't match your bank's standard web address; instead, it's a suspicious string of random characters. Unwittingly, your banking details have now been captured by cybercriminals using malvertising and website cloning to masquerade as a trustworthy entity.

Top tip: Preventing phishing starts with recognizing the signs of an attack. CanIPhish offers free phishing simulations, providing valuable education without the risk of real-world consequences. Sign up for an account today—no credit card required, no annoying sales calls, and no commitments.

Example 3: Cryptojacking through Malvertising

While browsing a technology news website, an advertisement for a new, innovative software tool catches your attention. After clicking on the ad, nothing seems to download or open, so you continue browsing, unaware of any issue. However, this click has initiated a cryptojacking script through the malvertisement. Unbeknownst to you, your computer's processing power is now being used to mine cryptocurrency for cybercriminals.

Example 4: Drive-by Download via Malvertising

While searching the web for what to watch on Netflix, you encounter an ad promoting a free trial of a new productivity software. Intrigued, you consider clicking the ad but choose to keep sifting through movie ratings instead. Without any further action on your part, a drive-by download initiates, exploiting a vulnerability in your browser. What you don't know is that malicious software has just been silently installed on your computer, setting the stage for data theft or further malware infection.

Understanding these scenarios underscores the stealth and diversity of malvertising attacks, highlighting the importance of vigilance while navigating the digital world. It's crucial to remember that malvertising can masquerade as legitimate ads on even the most reputable sites, leveraging sophisticated tactics to exploit, deceive, and compromise unwary users. Next up, we will explore how you can protect yourself against malvertising.

What Can You Do To Prevent Malvertising?

Unlike direct attacks, malvertising can compromise your device's security without any direct action. This makes it a challenging threat to eliminate completely. However, with caution and the right tools, you can minimize the risk. Here's how:

1. Update Your Software Regularly: Keeping your operating system, browsers, and all software up to date is crucial. Software updates often include patches for security vulnerabilities that malvertisers exploit.
2. Use Ad Blockers: Ad blocking software can prevent many malvertisements from appearing, thereby reducing the risk of accidental clicks on malicious ads. Check out Tomsguide for an up-to-date list of the best adblockers in 2024
3. Employ Anti-Malware Tools: Quality anti-malware solutions offer real-time protection against threats, including those from malvertising. They can block malware downloads and alert you to suspicious activity.
4. Enable Click-to-Play Plugins: This feature prevents plugins from running automatically on websites, which malvertisers commonly exploit. Enabling click-to-play means content only runs when you explicitly allow it, giving you more control over what executes in your browser. To get started, we recommend this How-To Geek article 'How to Enable Click-to-Play Plugins in Every Web Browser'
5. Be Skeptical of Ads: Exercise caution with online ads, especially those that seem too good to be true. Avoid clicking on ads directly; if an offer interests you, navigate to the official website by entering the URL manually in your browser.
6. Educate Yourself and Others: Awareness is a powerful tool. Educate yourself about the latest online threats and share your knowledge with friends and family. The more people know about malvertising, the less effective it becomes.
7. Configure Your Web Browser: Modern web browsers have built-in security features that can help protect against malvertising. Utilize privacy modes, turn off unnecessary plugins, and configure your security settings for maximum protection.
8. Regularly Monitor Your Devices: Pay attention to your device's performance and conduct regular scans for malware. Unexplained slowdowns, crashes, or pop-ups could indicate an infection.

By adopting these practices, users can significantly reduce their risk of falling victim to malvertising and other cyber threats.

Top tip: Knowledge and awareness can be the difference between a near miss and a catastrophe when it comes to malvertising. Post these around the office to promote better security awareness. Head to our free downloads page for the full range of free security awareness content.

Frequently Asked Questions

What's the Difference Between Malvertising and Malware?

Malvertising, short for "malicious advertising," refers to the practice of spreading malware through online advertisements. Unlike malware, which requires some form of user interaction such as downloading or installing software to compromise a system, malvertising embeds malicious code within legitimate-looking ads. The key distinction lies in the delivery method.

How Does Malvertising End Up On Legitimate Websites?

Malvertising infiltrates legitimate websites through sophisticated techniques that evade the security measures of advertising platforms. Cyber attackers may inject malicious code into ads that appear legitimate, create entirely new ads that are malicious from the outset, exploit weaknesses in the digital ad supply chain, or use targeted approaches to reach specific users while avoiding detection.

What Are the Most Common Malvertising Tactics in 2024?

In 2024, the most prevalent malvertising tactics include:

1. Exploit Kits: Automated frameworks that identify and exploit security holes to deliver malware.
2. Phishing Ads: Deceptive advertisements that lure users to counterfeit websites to harvest personal data.
3. Drive-by Downloads: Malicious downloads initiated simply by visiting a website with a compromised ad, requiring no user interaction.
4. Forced Redirects: Ads that automatically reroute users to harmful websites, exposing them to malware or scams.

How Can Organizations Prevent Malvertising?

Organizations can enhance their defenses against malvertising through strategic actions:

1. Configure Global Security Settings: Apply strict browser and network security configurations across all devices to block malicious ads and content.
2. Implement Ad Blockers Enterprise-wide: Deploy ad blocking software at the network level to prevent malvertising from reaching end users.
3. Use Anti-Malware Solutions: Install and maintain robust anti-malware programs with real-time scanning capabilities to detect and neutralize threats.
4. Regular Software Updates: Enforce policies for timely software and security patch updates to close vulnerabilities that could be exploited by malvertisers.
5. Cybersecurity Training: Conduct regular training sessions for employees on the latest cybersecurity threats, including malvertising, and best practices for prevention.
6. Monitor and Analyze Network Traffic: Utilize advanced monitoring tools to detect unusual traffic patterns or threats, including malvertising activities.