Malvertising: what you need to know to prevent it

Ads can be annoying, and they can also be dangerous to your cybersecurity. Simply by visiting your favorite daily news website, you can become a victim.

Malvertising is a type of cyber attack in which fraudsters embed malicious code in advertisements to infect the user's device with malware. By viewing or clicking an ad, you risk losing control of your device and your data, as well as reduced performance of your desktop or mobile device.

Continue reading to learn more about different types of malvertising, its examples, and, most importantly, ways to protect yourself against it.

How does malvertising work?

Malvertising can occur in different ways, but the underlying technique is the same: an ad is injected with malicious code, so that website visitors who click on it either get redirected to malicious websites or get their devices infected with malware.

To create such ads, fraudsters hide the malicious lines of code in the ad's JavaScript, which is prone to vulnerabilities.

When discussing malvertising, we could divide it into two parts:

  1. Pre-click
  2. Post-click

Pre-click malvertising

With pre-click malvertising, you can be redirected to a malicious site or become a victim of a so-called drive-by download attack, in which malware is downloaded onto your device without your intent simply because you viewed an ad on a website.

Pre-click malvertising is dangerous as there’s only so much you can do. Malicious ads can appear on widely known and trusted websites, such as The New York Times or The Atlantic - both of which were previously involved in this type of fraud.

Post-click malvertising

As the name suggests, post-click malvertising requires you to click on an ad to start the download of malware onto your device, or a redirect to a malicious website. Even though there's an extra step you have to take, post-click malvertising is as dangerous as pre-click malvertising. In this case, fraudsters can both take control of your device and inject it with different types of malware, e.g., spyware and adware, or use it for malicious purposes, e.g., cryptojacking.

With spyware, fraudsters can take over your device's camera and microphone, as well as track the sensitive information that you type in while browsing. Once they have access to your data, cybercriminals use it to steal your identity.

Another type of malware fraudsters use is adware. By installing ad-displaying software onto your device, fraudsters make money from each ad that you get to see. As they commit the same cybercrime many times, they tend to benefit financially. While at first glance this type of malware is not as dangerous as spyware, it's still considered a cybercrime.

Cryptojacking, also known as malicious cryptomining, takes place when fraudsters install crypto mining software through malvertising on your computer. After that, cybercriminals start mining cryptocurrencies using your device's processing power, thus slowing it down. More often than not, the victims do not notice that the malicious software was installed on their device.

Most famous malvertising examples globally

To see that malvertising is not something that only shady websites are prone to, let’s look at some of its most famous cases.

Yahoo case

Back in 2015, Yahoo users suffered from one of the first widely known malvertising attacks. Fraudsters managed to get space for the malicious ads on the website, attempting to install malware on users’ devices.

Cyber criminals took advantage of an Adobe Flash vulnerability to install a combination of ransomware and fraudulent ads.

Yahoo was informed about the fraud by Malwarebytes and eliminated the malicious ads.

Spotify case

Spotify was also involved in a malvertising scandal back in 2016, as some ads on the app were infected with malicious code.

Once some of the Spotify users clicked on the ads, they were redirected to suspicious pop-ups.

Other users experienced malware installation attempts.

The music streaming platform was informed about the fraud by its users and solved the issue shortly after.

The New York Times and BBC

In 2016, major news websites, including The New York Times and BBC, were targeted in a malvertising attack.

After clicking on the ads, users were redirected to malware pages that included the Angler exploit kit, aimed at forcing the installation of cryptolocker-style software. With this type of malware, the hard drive is encrypted, and users are asked to pay the fraudsters in Bitcoin to unlock it.

This attack lasted for around 24 hours.

Lastly, it is important to note that malvertising had been decreasing for the last few years. However, it came back as strong as ever in 2020. And as in many cases this year, Covid-19 is to blame.

With Covid-19 news occupying the media this year, fraudsters took this opportunity to inject seemingly Covid-19 related advertisements with malicious code to either send readers to malicious websites or get malware installed on their computers.

How to Prevent Malvertising

Given the fact that online giants, such as The New York Times or Spotify, have suffered from malicious ads, it is evident that the measures the fraudsters take improve daily. However, there are some steps you can complete to increase the likelihood of staying safe while browsing.

Use and update your antivirus software

Using a high-quality antivirus program is one of the first steps you should take when working on your cybersecurity. Keeping it up to date is the second one - especially when it comes to malvertising prevention.

When trying to prevent malvertising, make sure not to get tricked by fake security apps. While they claim to protect you, they may be spying on you instead - only use trusted providers for your cybersecurity.

Consider using ad blockers

Even though relying on ad blockers alone is not sufficient, it’s a great starting point. These online tools block pop-ups and banner ads, hence you are less likely to suffer from malicious ads.

What you have to keep in mind, though, is that fraudsters have already come up with workarounds against ad blockers. Hence, using them with other tools (such as antivirus programs) is the only way to go.

What is more, you should take ad blockers with a grain of salt. While using them will prevent you from seeing the ads that can be infected with malicious code, they harm the advertising industry in general.

By installing an ad blocker on our browsers, we cut revenues for websites. While some publishers may not feel harsh consequences, others will suffer tremendously. As an alternative, you can opt for ad filters, such as uBlock Origin or Ghostery.
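To make the ad blocker section above concrete, here is a simplified model of how a filter list decides which requests to block, and why a list alone is not sufficient. This is an added example, not code from any real ad blocker; it supports only the `||host^` rule form, and all hostnames and the sample request list are constructed.

```javascript
// Simplified model of an ad blocker's network filter (constructed example).
// Supports only "||host^" rules: block the host and all of its subdomains.
// Hostnames are reserved .example names, not real ad networks.
const FILTER_LIST = [
  "||ads.adnetwork.example^",
  "||tracker.example^",
];

// Turn "||host^" rules into a set of blocked hostnames; skip other lines.
function parseFilters(lines) {
  const hosts = new Set();
  for (const line of lines) {
    const m = /^\|\|([a-z0-9.-]+)\^$/i.exec(line.trim());
    if (m) hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// True when the request host equals a blocked host or is a subdomain of one.
// Matching is done on whole labels, so "notads.x" never matches "ads.x".
function isBlocked(requestUrl, blockedHosts) {
  let host;
  try { host = new URL(requestUrl).hostname.toLowerCase(); }
  catch { return false; } // unparseable URL: nothing to match
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    if (blockedHosts.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Requests a news page might make while loading (constructed sample).
const PAGE_REQUESTS = [
  "https://news.example/article.html",              // the page itself
  "https://cdn.ads.adnetwork.example/banner.js",    // subdomain of a listed host
  "https://tracker.example/pixel.gif",              // listed host
  "https://notads.adnetwork.example.org/banner.js", // similar name, not listed
  "https://new-ad-host.example/banner.js",          // ad host the list does not know
];

function filterRequests(urls, filterLines) {
  const blocked = parseFilters(filterLines);
  return urls.map((url) => ({ url, blocked: isBlocked(url, blocked) }));
}

for (const r of filterRequests(PAGE_REQUESTS, FILTER_LIST)) {
  console.log(r.blocked ? "BLOCK" : "allow", r.url);
}
```

The last request is allowed because the list has no rule for that host, which is the reason to keep the filter list updated and to pair the blocker with an antivirus program and an up-to-date browser.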

Update your browser and uninstall its plugins

Keeping your browser up to date is vital as it’s vulnerable to drive-by download attacks. The sooner you take care of all those necessary updates, the better.

When it comes to browser plugins, you should uninstall Flash and Java altogether. The latter is no longer supported, and the former is set to end its life at the end of 2020. Therefore, to prevent security vulnerabilities on your browser, uninstall these plugins as soon as possible.

Bottom line

Malvertising is hard to spot and ugly to deal with. However, taking some steps in advance may work as prevention and reduce the harm that you may encounter when becoming a victim.

As we are getting ready to encounter the second wave of Covid-19, we can be sure that malvertisers are not wasting their time, either. Just like they did in the Spring of 2020, they’ll be coming back with malicious tactics that we have to be ready for.