Who Are The Victims of Malvertising?

by Matt Gillis, on Feb 18, 2021 1:48:44 PM

It’s no secret, malvertising is destructive to the user experience

Some publishers don’t have malvertising protection, while others have solutions that are simply not effective.

But end users aren’t the only victims. Legitimate advertisers can often be hurt the most- and it can damage the integrity of their brand name when they are exploited or misrepresented.

  -- Article Continues Below --New call-to-action


The app install ecosystem is vibrant. Every app developer wants to cut through the clutter of the millions of apps that exist in the app store, and buying ads is one way to do this.

There has been plenty written about the shady tactics some agencies use to drive app installs and charge app developers.

Fraud in the digital media ecosystem is rampant and comes in many forms.  Invalid traffic, domain spoofing, malware, you name it.  Users are being exploited and advertisers are being fleeced.

Yesterday, I had a terrible experience on a website, and I think there is a lot that can be taken from it.  

I was reading a story and I was redirected to this page:

malicious ad example

I’ve been in this business long enough to know that I should never click something like this, but I was tempted to see what would happen. Folks often don’t understand the profit motives behind these schemes.

After I clicked ‘close’, guess what, it didn’t close… and I was subsequently redirected to a new landing page—one with even more ‘urgency’ as there was a countdown timer prompting me to address the problem.

fake google warning

This page is made to look like Google is endorsing this.  Obviously, they don’t...but it surely will have the user think twice before closing the notification. 

“Google is telling me I have 2 viruses - surely I ought to address it, right?  If I don’t, my entire phone will be compromised!”

As a good Canadian, I follow instructions, and I clicked the ‘Remove Virus Now’ button.

Presto - a new redirect!

app store redirect

So - after being told I have a virus and that I need to get my phone cleaned up, I then get redirected to the App Store, where I am presented with a download page for “QuickSafe VPN”.  

Like anyone who experiences these kinds of redirects, I had a lot of questions.

“Huh? A VPN? I thought you told me I have a virus? Why do I need a VPN?”

Who is Enerjoy?  Are they part of this shady marketing scheme?  Do they know about this?  Is someone taking advantage of their marketing budgets and using these tactics to drive app installs?  They can’t honestly be part of this shady scheme, can they?!!?

I tried to find a contact at this company.  I went to their website, and there is no ‘contact us’ link.  I couldn’t find a thing about them online. 

After some digging, I managed to find an email on the Google Play Store and reached out to see if they knew how their advertising dollars were being spent, but of course got no reply.

  -- Article Continues Below --

Read the Case Study

How cleanAD Completely Eliminated Malicious Redirects, Freeing up 60 Hours of AdOps Efforts per Week, for Venatus Media

Read the Case Study

What Can You Do To Prevent This Kind Of Fraud?

There are a number of ways to prevent schemes like this from taking advantage of unsuspecting users:

  • As a user, the best thing you can do to avoid these kinds of scams is to simply not click whatever bad ad pops on your screen. Close your browser, and just move on. You can also install an ad blocker into your browser, but if you do so, understand this will also hurt the ad revenue of your favorite retailers and content providers.

  • As a publisher, anti-malvertising software like cleanAD is your best bet. You want to make sure users have the best possible experience on your site. Bad ads like this leave users with a poor taste in their mouth, can ruin the reputation of your business, and make it so browsers may not return to your site.  It also invites users to install ad-blocking software, cutting into your ad revenue.

  • As an advertiser, it's important to make sure you're spending your money with the right people. It's easy for digital advertising companies to turn a quick buck using redirects and pop-ups, but its a dishonest tactic that doesn't actually drive any sales, just racks up clicks for them. Partner with a reliable attribution provider and try to take control and understand where your app installs are coming from so that you're not unknowingly participating in this fraudulent behavior.

Bottom line—redirects are bad for everyone in the advertising ecosystem, from the user, to publishers and advertisers. Putting a stop to them is in all of our best interests.

Topics:MalvertisingMalvertising 101Digital Engagement Security

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates