Loading the Elevenlabs Text to Speech AudioNative Player...

Online Safety and Privacy

|

4

4

Min Read

What Is Malvertising? How to Avoid Online Ads That Spread Malware

Malvertising is a way criminals can try to trick you using advertising on legitimate websites – here’s what to do to protect yourself.

Most of us know to avoid clicking strange links in emails or text messages. But what about eye-catching online advertising plastered on a website you trust? 

That's the danger of malvertising, a cybercrime tactic that uses online advertisements to spread malware, steal information, or redirect users to malicious websites. Malvertising often hides within legitimate advertising networks and can appear on reputable websites, making it difficult for both website owners and visitors to detect. 

What is malvertising?

Malvertising, "malicious advertising" mashed up, occurs when cybercriminals use online advertisements to deliver malware or direct users to fraudulent websites.

These ads usually look completely legitimate. In many cases, attackers submit clean advertisements to trusted advertising networks for a time to build a positive reputation before later modifying the ad to include malicious code. As a result, harmful advertisements can appear alongside legitimate content on popular websites, news outlets, or shopping platforms. They can even show up as ads in Google searches!

The goal of malvertising can vary. Some hackers aim to install malware on a victim's device, while others seek to steal login credentials, trick users into downloading fake software, or redirect them to scam websites.

How does malvertising work?

Malvertising attacks exploit the complex ecosystem of online advertising. Website publishers often display advertisements from a third-party advertising network without directly vetting the ads. If a criminal manages to place a malicious ad within that network, visitors to the website can be exposed.

Sometimes, users become infected after clicking the ad. In other cases, simply loading the advertisement may trigger a "drive-by download" – the user won't even realize anything unusual has happened until malware is already installed on their device. Because these advertisements can appear on otherwise trustworthy websites, victims may lower their guard and assume the ad is safe.

Identifying malvertising

Malvertising can be difficult to spot, but there are some warning signs to watch for.

  • Unexpected pop-up advertisements

  • Web pages that suddenly redirect to another site

  • Ads promoting urgent software updates

  • Sudden pop-up virus warnings or security alerts

  • In-text advertisements that seem suspicious or unrelated to the content

  • Downloads that begin automatically without your permission

If an advertisement seems too good to be true or creates a sense of urgency, never click.

How to protect yourself from malvertising 

While there is no cybersecurity silver bullet, some best practices can reduce your risk. To start, having long, strong passwords and always enabling MFA can help foil a malvertising attack.  

Keep your software updated 

Cybercriminals exploit known software vulnerabilities. Installing updates for your operating system, browser, and applications helps close security gaps that attackers may target. Turn on automatic updates to simplify this process. It's worth the few minutes it takes. Keeping software updates current helps prevent the “drive-by-download" type of attack.  

Use security software 

Reputable antivirus and anti-malware tools can help detect and block malicious downloads before they infect your device. Check to see if security software comes with your device's operating system.  

Think twice before clicking an ad 

With malvertising, even ads that appear on trusted websites may not be safe. You don't have to click on ads – you can research the company or product to get a sense if it’s legitimate and find a way to get on the trusted website independent of the ad. Sudden requests to download browser extensions can also be malvertising – we recommend just not downloading any extension you’re prompted to download.   

Use a secure browser 

Most modern browsers (Chrome, Safari, Firefox) include security features that can identify potentially dangerous websites and block known malicious content. 

Avoid suspicious websites 

Malware and malvertising thrive on the seedier side of the internet – this is why it's a good idea to avoid pirating or file-sharing sites, for example. Scammers will also try to engage in malvertising by "typo" squatting in search results, especially in app stores or browser extension marketplaces. Read carefully and look at reviews when you’re looking up an app. Otherwise, you might get a malicious, or at best, an insecure app when you thought you were getting something legit.

Stay alert about ads 

Malvertising shows how threats can appear in unexpected places, even on websites you trust. But by following some best practices, you can reduce your chances of an incident. Sign up for our free email newsletter for more tips!

FAQs 

What is malvertising? 

Malvertising is a cyberattack that uses malicious online advertisements to spread malware, redirect users to scam websites, or steal sensitive information. 

Can you get malware without clicking an ad? 

Yes. Some malvertising campaigns use "drive-by downloads," where malicious code runs automatically when an ad loads in your browser, even if you don't click it. 

Can trusted websites display malicious ads? 

Yes.  

How can I protect myself from malvertising? 

Keep your software updated, use reputable antivirus software, enable browser security features, and avoid clicking online advertisements. 

Featured Articles

Stay Safe on Facebook Marketplace: How to Avoid Online Marketplace Scams

Online marketplaces like Facebook marketplaces are, unfortunately, a common place to find scammers – here’s what you can do to shop safe online.

Password Managers

Is No Password the Best Password? How Passkeys Work

The future of logging in may already be in your pocket.