What is Malvertising?

by Matt Gillis, on Nov 10, 2020 6:15:00 AM

Malvertising is a malicious attack that impacts legitimate websites by bad actors purchasing and submitting ads that appear to be normal, but in fact execute malicious activity when displayed.

Learn more about the key FAQs about Malvertising:

Have you ever browsed the web and then all of a sudden, your screen is taken over by a pop-up that won’t go away and is obnoxiously telling that you’ve “won an Amazon gift card?”

-- Article Continues Below --

New call-to-action

Visit the Complete Malvertising Resource Center

If you answered yes, then you have firsthand experience with malvertising.

The above is one of many forms of malware that can affect your device through a digital ad on the website you visited. Composed of creative, data, and JavaScript, digital ads have the potential to reach billions of end-users, making them an attractive target for bad actors to deliver malware to unsuspecting web or app visitors.

In addition to adversely impacting publishers’ ad revenue, malvertising disrupts the user experience by prohibiting them from engaging on a site by hijacking the browser and forcing users to a new page, freezing the page as a whole, or other malicious activity.

Malvertising takes a variety of forms, including forced redirects (just like our pesky Amazon gift card example), crypto-mining, video stuffing, and more. Malicious ads sneak into our user experiences by mimicking the appearance of familiar advertisements.

These disguises can include pop-up advertisements that try to persuade you to update existing browsers or software programs or offers for free items or services. In addition to pop-up formatting, malicious ads can be disguised as paid ads, banner ads, widgets, and more.

Learn More About Different Types Of Ad Fraud

Often, malicious ads use tactics such as scareware, get-rich-quick, surveys, or tech support scams to entice viewers to click. These tactics could be anything from a false warning that your device is already infected and prompt the installation of a scam anti-virus or VPN solution, or a reminder that foundational software requires updating to continue use.

Read the Case Study

How cleanAD Completely Eliminated Malicious Redirects, Freeing up 60 Hours of AdOps Efforts per Week, for Venatus Media

Read the Case Study

Who does malvertising affect?

Malvertising affects everyone. From the technology companies that enable ads to be bought in the ecosystem, the supply-side platforms that help publishers monetize the eyeballs on their sites, the publishers themselves, and ultimately, end-users – no party is unscathed from the disruption caused by malvertising.

For publishers, malvertising damages a site’s reputation and brand as well as impacts ad revenue. When a forced redirect or click disrupts a customer’s visit to a publisher’s site, it taints the visitor’s perception of the publisher and discourages them from revisiting that site.

In addition to causing customer complaints, malvertising impacts the publisher’s revenue stream. Malvertising forces stakeholders to drop focus on revenue-generating initiatives to fight malicious ads and defend their site. During periods of a malvertising attack, publishers can lose between 60-80% of the time spent on-site from malicious redirects, resulting in an overall loss of traffic.

This impacts their digital advertising KPIs as consumers are auto-redirected to an alternative URL/site, which does not count as a revenue-generating event for the publisher. The drop off in user attention, and eventual loss in loyal customers, directly impacts the bottom line. Malvertising also incurs indirect costs, including litigation, mitigation, and fixing vulnerabilities after the web application deploys.

Why should you care about malvertising?

It should be no surprise that digital advertising is on the rise. In a 2019 report, Forbes reported, “The U.S. advertising market has seen a marked shift in dynamics over the last decade due to the rise of digital advertising. In terms of component growth, non-digital revenues are expected to decline due to budget shifts towards digital.” 1

malvertising-mockup-1Digital advertising is thriving, and the number of ads encountered on a daily basis will only continue to grow. No matter where you go on the web, digital advertisements will be there to greet you, and with them, the threat of malvertising.

Protecting your visitors from malvertising is essential to protecting digital ad revenue and preserving a website’s user experience. However, the effects of malvertising extend beyond the economic impact of reduced time on the site and lost site visitors or brand credibility.

While the aforementioned reasons in itself are reason to care, malvertising also funds criminals who profit off of your advertisements and then reinvest their earnings in more cybercrime.

User complaints have the potential to damage a publisher’s brand and trust. Furthermore, key distribution partners like social networks may take action against publishers which can lead to additional revenue loss.

Finally, certain monetization partners like Google and others may flag publishers for malware, even though those same platforms delivered malware to the publisher in the first place. Not only is the visitor’s goal interrupted, but publishers could also lose a customer or follower as a result – potentially trickling into bad online reviews, publicized complaints, or business loss.

Read the Guide

Malvertising: What You Need to Know to Prevent It

Malvertising prevention is essential for any publisher with an expansive online presence, and shoring up your lines of defense is a worthwhile investment.

Read the Guide

How Can You Protect Against Malvertising?

With the constant evolution of the digital landscape and growing sophistication of malvertising threats, it can be challenging to prevent, stop, or predict the sources of malicious advertising in the programmatic ad ecosystem.

Static Analysis

When malvertising first surfaced, the first generation of prevention solutions utilized static analysis. The most common of these solutions included offline scanning. With this solution, an advertiser registers creative for a new campaign and then an ad quality solution scans the creative in an offline environment to ensure legitimacy.

Result: This was easy for bad actors to get around because the offline environment was not representative of real users and is easy to circumvent.


This led to the next generation of malvertising prevention – URL blocklisting. Blocklisting is essentially the compilation of suspicious URLs that bad actors have been using and have been identified as malicious and blocked from reentry.

Result: While a widely used solution to this day, blocklisting is only as effective as the list itself. Rather than identifying and preventing malicious ads in real-time, blocklisting involves using a sandbox, or an isolated virtual environment, to notice a bad actor and put them on the blocklist in order to block the next one that tries to get on the site.

Sophisticated malware can be written to detect a sandbox testing environment, preventing the delivery of a malicious payload until it is on a live site. As malvertising continues to evolve, this kickstarted a new generation of prevention solutions to thwart bad actors – behavioral analysis.

Behavioral Analysis

Rather than taking a reactive approach to malvertising prevention, cleanAD’s malvertising solution analyzes the behavior of the ad to determine if it exhibits characteristics of malicious ads.

By analyzing JavaScript on the page in real-time and looking for specific behaviors that are deemed nefarious, CleanAD will stop the bad actors from executing while letting each auction complete, and each ad to render on the page. In doing so, the bad actor has paid for an ad, yet gets no engagement because the malicious JavaScript does not execute.

Result: This makes malvertising unprofitable for the bad actor. When that happens, not only will your visitors be protected when they visit the site, bad actors are discouraged from targeting your website.

Get Started With cleanAD

Whether your site or app is actively being attacked by malicious ads or you want to have a solution in place for preventative measures, cleanAD’s exceptionally easy-to-implement cybersecurity platform is available to protect publisher digital advertising revenue and visitor user experiences.

Using behavioral analysis, cleanAD minimizes the impact and profitability of malicious ads and yields fewer false positives and false negatives, so you can make the most of your ad monetization.

The Complete Guide to Malvertising


Topics:Malvertising 101

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates