Malvertising – the “hidden” threat

Malvertising – the “hidden” threat

The following article is the sixth of a series of articles on Cyber Attacks and focuses on Malvertising


Malvertising, also known as malicious advertising, is a scam that takes advantage of online advertising in order to distribute malware to users’ devices with little or no interaction by them; first recorded in early 2008, it has become one of the major cyber threats.

How exactly can you get infected by Malvertising?

The malware behind malicious advertising can contaminate the users’ device in two ways: by clicking on the infected ad or by simply loading a web page.

In the first case the user visits a trustworthy website and loads a webpage, the webpage will present a pop-up ad or a warning alert, if the user clicks on it will automatically download malware to the victims’ device.

Cyber criminals will often buy advertising on platforms and post malicious advertisements however the issue becomes infinitely more troublesome when malvertising lives on reputable websites and doesn’t require much user interaction to become infected.

In either case the victim will end up with an infected device without even noticing. The malware that might be delivered can be wide ranging including spyware, key loggers and increasingly ransomware.

You say it won’t happen to your trusted websites?

Here are just few examples of affected websites over the past few years: Reuters, YouTube, Spotify, MSN, Yahoo, The Onion, the BBC… And the list goes on!

How can you avoid becoming a victim of Malvertising?

  • Always make sure you visit legitimate websites, whilst it is true that this type of scam could sit on a reputable websites, if you practice safe browsing you will at least reduce the chances of getting infected.
  • Run up to date software and always install the latest patches. Malware takes advantage of flaws in the operating and browsing system, if this is up to date the chances of getting infected will be less.
  • Run an Ad-Blocker on your browser, this will block any pop-up ad and filter most Malvertising attempts. As most websites rely on advertising for revenue, they may deny you access to the content unless you deactivate the ad-blocker, you still can choose not to run the ad-blocker on that page and access the content. It’s definitely advisable to download and run the software for a safer web experience.
  • Install an anti-exploit security software, this will monitor browser and plug-in activities and block exploit kits looking to take advantage of any vulnerabilities.
  • If your browser runs lots of plugins, delete all those you don’t really need. Malware takes advantage of plugins vulnerabilities, you should therefore only run the ones you really need and make sure these are click-to-play plugins, which deny Flash and Java unless you manually enable them.