Skip to content Skip to navigation Skip to footer

What Is Malvertising?

Malvertising Definition

Malvertising refers to malicious advertising that cybercriminals use to inject malware into users' computers when they visit malicious websites or click on an ad online. Malvertising may also direct users to a corrupted website where their data can be stolen or malware can be downloaded onto their computer.

How Does Malvertising Work?

Malvertisements are spread through the Internet, appearing on both illegitimate and legitimate websites.

In many cases, an advertiser may not be able to tell the malvertisement is malicious, so they run it, thinking it is harmless. After the advertiser agrees to run the ad, it gets sent via a server to otherwise harmless websites. After a user clicks on the malvertisement, code starts running in the background, causing it to potentially download malware onto the user's computer. This is referred to as a drive-by download. These have resulted in so many infections that, according to the New York Times, the U.S. government had to remove malware from the Internet to reduce the chances of Russian attackers using them to breach networks.

In some cases, the user does not even need to click on the malvertisement for the drive-by download to be successful. As long as they load an infected webpage or landing page, the malware can be downloaded. If someone clicks on malware, however, they may get sent to a different webpage designed to exploit vulnerabilities in their browser when it displays ads. This type of exploit is different from an exploit kit, which is a malware hacking toolkit attackers use to try to take advantage of their victims’ systems.

How To Identify Malvertisements

Malvertisements have a few distinct traits that can make them easy to spot if you know what to look for, including:

  1. Ads that look sloppy or unprofessional
  2. Ads with spelling mistakes
  3. Ads that have unrealistic promises, such as amazing cures
  4. Ads talking about celebrity scandals
  5. Any ad that advertises something that is too good to be true
  6. Ads that do not seem to align with your recent search activity
Six Traits of Malvertising

What Are the Risks of Malvertising?

Malvertising comes with considerable risks that can threaten your computer, network, or mobile device. Here are the three most common dangers of malvertising.

1. Inoperable Computers and System Networks

Because a malvertising campaign can result in malware being downloaded onto your computer or into your network, one of the primary threats it presents is a complete or partial computer breakdown. Malware of any type, including ransomware, adware, bots, and other malicious software, can be downloaded onto your computer by a malvertisement without you knowing.

Once the malware is on your computer, it can infect your system on its own, rendering it inoperable, or set the stage for a hacker to penetrate your system later on. The attacker can then inject malicious code into your computer that renders it inoperable.

2. Hardware Failure

A harmful file from a malvertisement can attack your computer by overburdening the processors or taking up all its random access memory (RAM). This can cause your computer to overheat and result in the failure of hardware components connected to the motherboard. Also, it's possible for some hardware components, such as your computer’s camera, to be hacked by malware introduced by a malvertisement.

3. Data Loss and Data Theft

Malware from malvertisements can be programmed to steal your data. They can also leave backdoors open for thieves to come in and steal your data or that of your customers and clients at a later date.

Malvertisements can also install spyware onto your system, which can spy on your activity, including how you enter your login credentials on websites. These are called keyloggers, and if they are running on your system, they can record your login info for everything, from your email to your bank account. They can then send that information to a hacker who can either sell it or try to exploit it themselves.

Malvertising vs. Ad Malware

Although somewhat similar, malvertisements and ad malware are distinct. Malvertising in cybersecurity results from criminals using malicious ads within ad networks. The ads then appear on a web page and impact visitors.

Ad malware is different. This type of malware gets installed on a user’s computer and inundates the machine with unwanted advertisements. 

Keep in mind, though, that malvertisements can also be a vehicle for getting malicious adware installed on someone’s computer.

How To Prevent Malvertising

You can prevent malvertising using several different methods, from installing software to adjusting your settings to simply avoiding advertisements altogether.

1. Install an Ad Blocker

If you install an ad blocker, ads will not pop up on your screen, including malvertisements. This way, when you go to a webpage with malvertisements on it, you will only see the webpage’s content and not the fake ads hackers have worked into the advertising network.

2. Turn On Click-to-play for Your Browsers

Your browser has a click-to-play option, so any content that needs a plugin to play is disabled unless you specifically choose to click on it. With click-to-play enabled, you can be protected from malvertisements that automatically run when plugin content loads on a page.

3. Use All-around Antivirus Software

Antivirus software can be a powerful deterrent against malvertisement because it is designed to prevent particular kinds of malware, including malvertising. The key is to keep your antivirus software updated. If a new type of malvertising gets introduced to the internet, you want to ensure your antivirus can identify it and protect your system.

4. Identify Ads That Seem Illegitimate

If you see an ad that looks as if someone just haphazardly threw it together, if could be malvertising. Malvertisers may not put the time and effort into designing a polished, professional-looking ad in the same way a professional ad company would.

You should also check for spelling errors. Malvertisement designers who hail from other countries may target people in your language but make obvious errors. If you see spelling errors in an advertisement, do not click on it.

Any ad that contains promises that seem unrealistic may be clickbait tempting you to click on a malvertisement. Do not click on ads like this even out of curiosity. You should also keep in mind that if you do click on one, you may not even notice that malware has been downloaded, so even if nothing happens after you click, your computer can still be compromised.

You can also choose to never click on any ads that show up on your computer. In this way, any malvertisements that require a click to be activated will not be able to penetrate your system. If you are interested in a product or service, you can look up the company in the ad and inquire directly through email or via a phone call. This way, you avoid malvertisements and the various types of malicious code they can introduce to your system.

How Malvertisements Affect Web Users

1. Drive-by Download

In some cases, you do not have to click on malvertising for it to impact your device. With a drive-by download, for example, the viewer merely sees an ad on their screen and because they are interacting with the malware’s domain, it gets downloaded onto their device automatically. In many cases, there is no indication—at least at first—that the device has been infected. Soon, however, the user may notice it is slowing down, running too hot, or quitting applications out of the blue.

Does this fit the standard malvertising meaning? Yes, this aligns with the accepted malvertising definition because even though the user does not have to click on the content, the attacker is still using an advertisement to attack their system.

2. URL Malvertising

Another way malvertising affects users is through URL malvertising. What is URL malvertising? It happens when your browser gets forcibly redirected to a malicious site. What is a malvertising attack in this context? When you get sent to the fake site, you may try to click on something to navigate away from it, and that clicking action installs malware on your device.

Examples of Malvertising

Here are some recent examples of malvertising:

KS Clean

The KS Clean malvertising attack consisted of adware concealed in an otherwise benevolent mobile application. It targeted people through ads that could download malware. Once the individual clicked on the ad, the malware would start secretly downloading in the background.

The user would have no idea they were under attack. The only sign would be a warning saying they needed to upgrade the app because their phone had a security issue. If the target clicked the OK button, the installation would be completed and the malware would automatically obtain administrative privileges. Once these privileges were established, the user would start experiencing continuous pop-up ads on their phone. In addition to being an annoyance, these ads could also lead to sites that contained other threats.


RoughTed arrived on the malvertising scene in 2017. It was unique in that it could get around ad blockers and circumvent many antivirus programs.

To avoid being detected by defense systems, RoughTed created new URLs. Antivirus programs inspect the URLs of potential threats to see whether they match confirmed malware. They block any download associated with a known dangerous URL, and because RoughTed could change its URL, such types of protections were ineffective.

How Fortinet Can Help

You can use FortiSandbox to trap malware that has penetrated your system, whether it came from a malvertisement or another source. It confines what an application can do and where it can go, trapping it inside a safe, quarantined area. At that point, the rest of your system and network are safe. Cybersecurity administrators can then study the malware or simply discard it. When analyzing the actions of malware, admins can learn its behavior and use this information to bolster threat intelligence to defend against that and similar attacks in the future.

Also, the Fortinet Secure Web Gateway (SWG) can protect your business from malicious traffic. It can identify a threat before it enters the network and then discard relevant data. This is accomplished using secure sockets layer (SSL) inspection, which is able to detect malware even if it is hidden within encrypted data.


What is malvertising?

Malvertising refers to malicious advertising that is used to inject malware into users' computers when they visit a website or click on an ad on the internet.

How does malvertising work?

Malvertisements are distributed through the internet, appearing on both illegitimate and legitimate websites.

What are the risks of malvertising?

Malvertising comes with considerable risks that can threaten your computer, network, or mobile device including; inoperable computers and networks, hardware failure, and data loss.

How to identify malvertisments?

Malvertisements have a few distinct traits that can make them easy to spot if you know what to look for, including sloppy or unprofessional-looking ads, spelling mistakes, unrealistic promises, or celebrity scandals. If an offer appears too good to be true, beware.