Free Trial
Background blue


Choosing a
Anti-Malvertising Solution




People are increasingly tied to the internet and mobile devices – and the more time that consumers spend online, brands will have increasingly more opportunities to reach them there. Globally, the digital advertising market was valued at $90 billion in 2017, and is expected to reach $325 billion by 2026 .

Digital advertising is an attractive target for fraud, due to the enormous amount of money involved, and the sheer volume of transactions conducted on a daily basis. The value chain between brands and end users is complex, making the digital advertising ecosystem exceptionally vulnerable to bad actors.

One of the large opportunities for bad actors to conduct fraud is malvertising - short for malicious advertising. Malvertising happens when bad actors masquerade as real brand advertisers. A malvertiser procures a seat on any Demand Side Platform (DSP), and spends money to reach users just like any other advertiser would, but that’s where the similarities end. These bad actors include malicious JavaScript with their ads, which in turn executes on the end user’s device. When malvertisers are successful, they negatively impact the user’s experience, as well as the publisher's monetization. Left unsolved, the impact of malvertising on the target’s finances and reputation can be devastating.

Types of Malvertising

Malvertising can appear in many different forms. These include malicious redirects, cryptojacking, clickjacking, video stuffing, ad stacking, pixel stuffing, and more.

While tactics vary, malvertising is characterized by a growing sophistication of bad actors, and difficulty to detect and prevent attacks. There is a lot at stake: enormous amounts of money, brand reputation, and customer experience. It is critical that companies understand ad fraud and develop a strategy to detect it, and prevent it from affecting their businesses.


Types of Anti-Malvertising Solutions

Because digital ad fraud is an enormous business, affecting revenue, brand reputation, and the user experience, there are a number of malvertising detection and prevention solutions available. However, as ad fraud evolves and becomes more sophisticated, preventative measures must become more sophisticated as well.

Malvertising protection solutions fall into three primary categories: static scanning analysis, blocklist solutions, and behavioral analysis.

A static scanning ad fraud solution works in an offline environment - and is generally easily defeated by sophisticated bad actors.

How Can You Tell if You Need a Solution?

down graph image-1

Lack of digital ad performance
(monetization decreases)


website bounce image-1

Website analytics
(bounce rate increases, session depth/duration declines)


negative review image-1

Customer complaints
(direct, social media, etc)



Static Scanning Solutions


Static anti-malvertising solutions were the industry’s first attempt to fight ad fraud. These solutions leverage a sandbox, a virtual environment that mimics a live website. Ads can be deployed in the sandbox as a test: if a malicious payload (ex: redirect to a scam website) occurs, that ad is blocked from being uploaded to a live website. If no malicious payload is delivered in the sandbox, the ad is uploaded as usual.

Ad fraud has evolved beyond static scanning solutions. The most sophisticated fraud employs sandbox detection, where a bad ad holds back malicious code in the sandbox, only to deliver it on the live site. Common sandbox evasion techniques2 include delayed execution, hardware/CPU analytics, even user interaction analytics.


A blocklist-based malvertising solution is one where the code embedded in a digital ad is checked against a list of known dangerous elements. These elements, which may include website URLs, IP addresses, domains or mobile apps that have been associated with fraud and are therefore flagged to be avoided.

A blocklist is a resource-intensive solution, as it takes time and effort to update and brings latency to the page. The primary weakness of a blocklist is that fraud detection is only as good as the list: known indicators of fraud must be updated by human analysts. Unfortunately, it is also extremely difficult for a team of human analysts to keep up with the exponential growth of the malvertising. Bad actors committing fraud have learned to evade detection by disguising or frequently changing blocklisted characteristics: a dynamic evasion of blocklist detection.

Additionally, to help capture malicious URLs to place on blocklists, solutions providers will often use proxies (such as Charles) to record the malicious traffic. Bad actors will fingerprint the environment and look for these proxies - and if they detect them present, they will not execute their malicious code. This allows the bad actors to evade detection, while making it even more difficult to maintain an effective and up-to-date blocklist.

Behavioral Analysis

The most recent innovation in anti-malvertising solutions involves using advanced behavioral analysis to identify and prevent malvertising in real time. With the advanced sophistication of bad actors, behavioral analysis has become the most effective solution to detect and prevent malvertising.

To deliver the most effective malvertising prevention, the behavioral solution needs to operate in the same environment as the malvertiser. That requires the solution to operate client-side, on a real device, on a real network, in real time.

When operating in this manner, the solution is able to analyze the execution of JavaScript in the same environment that the customer is consuming content on the website, looking for anomalies or abnormal code execution.

When the behavioral analysis engine sees malicious code execution that should be prohibited from executing, the solution will block the malicious code in real time, preserving the user experience and publisher monetization.

Make Malvertising Unprofitable for Bad Actors

cleanAD’s behavioral analysis solution takes malvertising protection and prevention to a whole new level. Since these malvertisers masquerade as brand advertisers, they use real global advertiser creatives in their campaigns. It’s not the creatives themselves that are malicious, rather it is the underlying malicious JavaScript that executes on the end-user device once the creative has rendered on the page.

Since cleanAD operates at run time, it doesn’t block malvertisers from buying ads. Instead, it focuses only on blocking malicious JavaScript from executing. The bad actors in turn are buying ads, but not getting the engagement that they desire as cleanAD blocks the malicious code and preserves the user experience.

This makes malvertising unprofitable for the bad actors.

The result?

Bad actors will leave your website alone, and seek out an easier target with a less sophisticated anti-malvertising solution.

How to Choose the Best Anti-Malvertising Solution

First, assess existing fraud protections.

Do you currently have an anti-malvertising solution in place? What type of technology does it employ, and is it effective in countering ad fraud and malvertising that threatens your revenue and erodes the user experience? Have you experienced an increase in user complaints recently? Have you seen key financial metrics deteriorate when you wouldn’t expect them to?

Then, look for a solution that meets both current and future needs.

Once you understand the threat of malvertising, and the benefits of a preventative solution, you can choose a solution that meets both current and future needs.

Some features to consider include:

ADAPTIVE: a solution that automatically adjusts to a changing fraud landscape

REAL-TIME: a solution that analyzes code while it is deployed on a live site, with low latency, so that revenues and the user experience are uninterrupted

ATTENTIVE SERVICE TEAM: a solution that is complemented by a customer service team that is responsive and resolves issues fast

DEVICE-AGNOSTIC: a solution that works equally well regardless of device

DEMAND PARTNER AGNOSTIC: a solution that protects all demand sources on the page

FORMAT-AGNOSTIC: a solution that works across all digital formats including video, web page, etc.

MOBILE-OPTIMIZED: a solution that has been optimized to perform on mobile websites and applications

EASY INTEGRATION: a solution that can be implemented quickly and seamlessly across all sites

AUTOMATED: a solution that requires little or no oversight or manual intervention to perform



Finally, you should consider an anti-malvertising solution that will work for your company long-term. A solution that makes fraud unprofitable for bad actors will make your site a less attractive target in the long run. Fraudsters will move on to easier, more profitable targets, protecting your advertising revenue and website visitors from the negative impacts of ad fraud.

Choosing an anti-malvertising solution is difficult – the digital advertising environment is complex, and ad fraud is evolving, and becoming more sophisticated. Fraudsters have devoted resources to circumventing traditional ad fraud prevention solutions, such as blacklists and sandboxes. An effective fraud solution is adaptive, solving the fraud problem in real time wherever it occurs, with a minimum of manual intervention. Protect your revenues and the user experience with a future-proofed fraud solution, for long-term success.


Our mission is to empower publishers to proactively meet current and emerging malvertising threats head-on with transformational technology that is effective, smart and simple.

An innovative anti-malvertising security solution, cleanAD effectively protects publishers and their audiences and advertisers from malvertising attacks executed through the programmatic advertising ecosystem.

Want to give cleanAD a try?

Get a free trial to kick the tires and see how the platform works before committing.

Try it Free