Malvertising Threats Surge Amid COVID-19

by Matt Gillis, on Mar 30, 2020 11:00:00 AM

We last issued our cleanAD SMART Report on February 3, 2020, less than 60 days ago. Since then, our lives have changed dramatically. Social distancing. Working from home. Living on video chat, craving information and insights to understand what is happening, and when we can get back to what will be the ‘new normal’.

On Friday, March 27th, Will Doherty from Index Exchange shared some great data that articulates how the buy-side changed dramatically in the month of March. Doherty noted that most advertiser categories have been pulling back spend over the last few weeks. It all makes sense as companies are resetting plans in light of what we are experiencing.

Today, we’re sharing some data of our own. With the pullback from brand advertisers in the ecosystem, we’ve seen a surge in malicious activity. Lower CPMs and an increase in traffic have created the perfect storm for bad actors to disrupt end-user experiences and impair publisher monetization at a time when publishers can least afford further disruption.

Our data represents tens of thousands of sites and apps that generate tens of billions of monthly page views, globally. cleanAD behaviorally analyzes the execution of JavaScript on these pages at run-time, where we block malicious activity in real-time. We hope this data will give you more insight into how the bad actors are thriving during their quarantine.

If there is something you’d like us to dig into, drop us a line at If you’re experiencing challenges with respect to malvertising on your sites and apps, we’re here to help!

Be safe, and stay clean!

-- Article Continues Below --

New call-to-action

Visit the Complete Malvertising Resource Center


Threat Levels Surge to End March 2020 


We started to see an uptick in the global threat level around March 11th. The threat level was very low at the start of the month, but over the course of the last ten days, activity began to surge. Threat levels continued to rise, and now, at the end of the month, we are seeing peaks that are approximately 50x higher than the baseline set in early March.

US Indexes Much Higher Than ROW – March 2020


The surge in malvertising has been quite significant in the United States compared to the rest of the world over the last month. Again, as we articulated in the chart above – the last 10 days have seen some large swings from day to day – hitting a peak in the United States of over 0.7% on March 24.

Read the Case Study

How cleanAD Completely Eliminated Malicious Redirects, Freeing up 60 Hours of AdOps Efforts per Week, for Venatus Media

Read the Case Study

Malvertisers Leveraging Brand Creatives To Conduct Attacks

Malvertisers are real advertisers. However, their goals are a lot different than the traditional advertiser. We’ve seen an uptick in malicious activity over the last few weeks and an impressive array of brands that malvertisers have been using to create their deception and conduct their malicious attacks.

Learn more about what is malvertising and how to protect your business.


Above is a snapshot of a few actual creatives that we’ve seen over the last few weeks that are being used to execute malicious ad fraud – all categories including real estate, travel, automotive, video games, app installs, and even cruise lines. They come in all shapes and sizes – malvertisers aren’t picky as long as they meet their goals. Their hope is to get through the creative approval process, and with creatives looking this good – they often find themselves getting approved by DSPs and SSPs.

Malicious Activity Happening In All Browsers


We’ve seen malicious ads coming through virtually every browser type over the last month, however, certain browsers have more malicious activity than others. Users consuming web content within Facebook and Snapchat appear to have experienced the majority of the disruption over the last two weeks. Chrome Mobile has steadily surged throughout the course of the month. Microsoft’s Edge browser experienced an attack that lasted several days mid-month.

As you can see there is a pulse of probing that has been generally happening most of the month.

Related Reading: Decoding the Behavior of Bad Actors in Malvertising

Read the Guide

Malvertising: What You Need to Know to Prevent It

Malvertising prevention is essential for any publisher with an expansive online presence, and shoring up your lines of defense is a worthwhile investment.

Read the Guide

Malicious Activity Across Numerous SSPs


The above chart best articulates the changing behavior of malvertisers as they shift their behavior constantly through the supply chain. In areas where you see a predominant color, that represents a single SSP along with their specific percentage of malicious ads we blocked from them on that particular day, for each day of the month.

You’ll see that it has been a tough month for the ‘blue’ SSP as they have experienced sustained malicious attacks the entire month. But, they aren’t alone. You’ll see that a variety of other SSPs had multiple days in the month where they accounted for at least 50% of the malicious ads in the ecosystem on that day.

If you have been experiencing challenges with malicious ads that are impacting your user experience, your monetization, or your reputation – let us know and we can help. Drop us an email at CleanAD offers publishers and platforms a 14 day free trial to give you a complete understanding of how malicious ads could be impacting your business.

The Complete Guide to Malvertising

Topics:Malvertising Data

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates