What Is Malvertising and How Can I Avoid It?

Online advertisements have become more targeted and invasive than ever before. But did you know that these ads could be more than just a nuisance? They can serve as dangerous vessels for malware and viruses, putting your device and personal information at risk. In this article, learn about malvertising, how malvertisements work, and most importantly, how to protect yourself from malvertising attacks.

What is malvertising?

Malvertising is the practice of using online advertising to spread malware and steal personal information. It can be seen as a type of attack advertising. This relatively new technique involves cybercriminals secretly injecting malware-laden advertisements into legitimate advertisers' online advertising networks and websites. When unsuspecting victims encounter these "malvertisements," they'll either be redirected to a malicious website or their device will be infected with some type of malware.

Because it's difficult for both websites and Internet users to detect, malvertising is a serious threat. Furthermore, because websites display advertisements to every visitor, every single page viewer is at risk.

How does malvertising work?

Malvertising works by exploiting vulnerabilities in ad networks. Hackers infiltrate the servers that host the ad networks and plant malicious code into seemingly harmless ads on trustworthy websites and apps. Once the compromised ad is up and running, it operates in two main ways: redirection and drive-by downloads.

With redirection, when the user clicks the advertisement, it redirects the user to spoofed websites disguised as legitimate sites. These malicious sites are designed solely to steal personal information. Once you enter your details into a spoofed site, the criminals can use your information for identity theft or other criminal purposes.

Drive-by downloads are more insidious. Simply visiting the compromised page where the malicious ad is located can initiate a malware download onto your device. This means that even if you're careful about the websites you visit and the links you click, you can still be at risk.

Malvertising examples

Malvertising can come in many forms, so it's important to know what you can look out for to spot it. Many advertising attacks involve leveraging other cybercriminal techniques, such as spoofing and social engineering. The following are all examples of potential malvertising:

  • Banner ads. Hackers can infect ads that appear on the top or side banners of legitimate websites.
  • Video ads. As YouTube and other video streaming sites continue to gain popularity, video advertisements have become a massive industry. However, it's important to be cautious, as even the ads that appear before or during videos can spread malware.
  • App advertising. Legitimate free mobile apps that allow advertising can unintentionally become carriers of malvertisements. Conversely, hackers can build fake or spoofed apps for the sole purpose of spreading malware.
  • Phishing advertisements. Oftentimes, phishing emails are designed to look like legitimate marketing emails from big companies like Amazon or Walmart. But these are actually scams to try to trick you into clicking the advertisement.
  • Targeted malvertisements. Like big tech companies, sophisticated cybercriminals can use more advanced techniques to precisely target their victims. For example, if a hacker has access to your browsing history, location, or device type, they can create targeted ads that you'll be more likely to click on.

How does malvertising affect users?

Malvertising has real-world consequences that can put you and your data at risk. For example, in recent years, there have been several high-profile malvertising campaigns that impacted millions of users.

In cybercrime, information is the most sought-after resource. Once your device is infected with malware, criminals can access your personal data. This includes login details, credit card numbers, bank account information, and more. This data is extremely valuable to criminals, who can use it for identity theft and financial fraud.

Outside of exposing your personal information, malware can damage your files, modify or leak your data, and even monitor your Internet activity.

How do I protect against malvertising?

Without an ad blocker, Internet ads are unavoidable. This makes it incredibly challenging to tell the difference between those that are good and those that are bad. And because of the way ad networks operate, website publishers cannot oversee and verify every advertisement's authenticity. Furthermore, malicious ads are hard to spot since webpage ads frequently change, like a revolving door.

Fortunately, though, there are several ways to protect yourself from malvertising:

  • Use an ad blocker. One of the most effective ways to prevent malicious advertisements is to use an ad blocker. Ad blockers work by preventing ads from loading on web pages. After all, an advertisement can't infect your device if it was never there in the first place.
    Ad blockers are great for preventing drive-by downloads. However, keep in mind that some legitimate websites rely on advertising revenue to operate, so using an ad blocker may mean that you can't access certain content.
  • Enable click-to-play. Another useful strategy is to enable click-to-play in your browser. This feature prevents plugins like Flash or Java from automatically running, which can help to prevent malvertising attacks. Similarly, you can change your browser settings to block pop-up ads automatically.
  • Keep software up to date. Make sure to keep your browser and other software updated, as many malvertising attacks exploit vulnerabilities in outdated software.
  • Don't click on ads. The best way to avoid malvertising is to avoid clicking on ads altogether. If you see an ad that strikes your interest, simply navigate to the website yourself. It may take a few extra seconds, but it is worth it to protect your online security and privacy.

These simple steps can help keep your device and your information secure.
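
To make the ad blocker item above concrete, the following added example (not code from any particular ad blocker) shows the basic decision such a tool makes for each resource a page requests: if the host is on a blocklist, the request is dropped before anything loads. The domains, the `BLOCKLIST` contents and the function names are constructed for illustration, and real blockers use richer rule syntax than a plain host list.

```javascript
// Added illustration: host-based request filtering, the basic decision an
// ad blocker makes before a resource loads. All domains are constructed
// (.example is a reserved TLD); BLOCKLIST stands in for a real filter list.
const BLOCKLIST = new Set(['ads.adnetwork.example', 'tracker.example']);

// True if `host` is a listed domain or a subdomain of one. Matching is done
// on whole DNS labels, so "notads.adnetwork.example" does not match
// "ads.adnetwork.example" the way a substring test would.
function isListed(host, list = BLOCKLIST) {
  const labels = host.toLowerCase().replace(/\.$/, '').split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    if (list.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

// Split the resources a page requests into those allowed to load and those
// dropped. Relative URLs resolve against the page; unparseable ones are
// blocked (fail closed).
function filterRequests(pageUrl, requestUrls, list = BLOCKLIST) {
  const allowed = [];
  const blocked = [];
  for (const raw of requestUrls) {
    let host;
    try {
      host = new URL(raw, pageUrl).hostname;
    } catch {
      blocked.push(raw);
      continue;
    }
    if (isListed(host, list)) blocked.push(raw);
    else allowed.push(raw);
  }
  return { allowed, blocked };
}

// Constructed sample: resources requested by one article page.
const SAMPLE_PAGE = 'https://news.example/story';
const SAMPLE_REQUESTS = [
  '/css/site.css',
  'https://cdn.news.example/app.js',
  'https://ADS.adnetwork.example/banner.js',
  'https://eu.cdn.ads.adnetwork.example/creative.html',
  'https://notads.adnetwork.example/widget.js',
  'https://tracker.example/pixel.gif',
];

console.log(filterRequests(SAMPLE_PAGE, SAMPLE_REQUESTS));
```

Because the blocked requests are never sent, a malicious creative served from a listed host has no chance to run or redirect, which is why this also helps against drive-by downloads.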

What is the difference between malicious advertising and adware?

It's not uncommon for people to confuse malvertising and adware. But there is a difference between the two.

Malvertising operates covertly, using deceptive tactics to make you believe the displayed ads are genuine. On the other hand, adware presents malicious marketing campaigns, blatantly displaying unwanted advertisements on your device right out in the open. While all malware is malicious in nature, some adware is included in legitimate software packages. Adware can raise concerns about data privacy and security, but it cannot take over or alter your system or data.

Although both can be harmful, malvertising is the bigger threat as it can infect your device without your knowledge or consent, posing a serious risk to your online security.

Ultimately, malvertisements are a serious risk to Internet users. However, there are some practical ways that you can protect yourself. If you take the proper steps, you don't need to worry about damaging your device or losing your information to malicious advertisements.

Frequently asked questions

What is the meaning of malvertising?

Malvertising by definition means "malicious advertising."

What does malvertising do to your computer?

Malvertising can cause serious harm to your computer. The attacks often embed malicious code into the victim's device, stealing data and causing performance malfunctions.