Cybersecurity 
The main difference between an attack vector and an attack surface is that an attack vector is the specific way a cybercriminal can take advantage of
6 min read
Published on August 15, 2023
Malvertising–also called malicious advertising–is when cybercriminals use advertisements to infect devices with malware. Malvertising can appear on any advertisement you see online, you don’t necessarily have to be on a malicious website to be a victim of this cyber threat. When a victim is exposed to a malvertisement, their device and data are at risk of being compromised, even if they don’t interact with the advertisement.
Continue reading to learn the dangers of malvertising and how you can protect yourself against this type of threat.
Malvertising vs Adware: What’s the Difference?
Malvertising and adware are sometimes used interchangeably, although they’re not the same. The main difference between adware and malvertising is that adware is a program that gets sneakily installed on your device without you knowing, then displays personalized pop-up advertisements. Malvertising, on the other hand, affects any advertisement you see online and doesn’t have to be installed on your device for you to see it.
Adware, short for advertising-supported software, is a type of malicious software that can be installed on your device in two different ways: downloading it on accident or via a malicious website executing the download without your knowledge or consent. When the adware is installed, it’ll start tracking your web activity and display personalized pop-up advertisements based on your activity. While most adware typically won’t cause any harm, some adware will. Adware is also intrusive and should be removed immediately when you notice it on your device.
How Malvertising Works
Malvertising works by injecting malicious code into legitimate online advertisements that are typically displayed on websites with high traffic. Malvertisements are also created by cybercriminals creating and submitting malicious advertisements to advertisement networks.
Malvertisements often contain messages to convince unsuspecting users to click on them. For example, a malvertisement may display a warning saying “Your device is infected! Scan Now!” However, clicking on the malvertisement will immediately infect the user’s device with some type of malware or have them redirected to a malicious website.
With certain types of malvertisements, the user won’t even have to interact with the advertisement to have their device become infected. For example, the malvertisement can initiate a drive-by download attack in which the malvertisement immediately starts infecting the user’s device when they’re viewing the page where the advertisement is being displayed.
Example of Malvertising
Here’s what a malvertisement may look like.
The Dangers of Malvertising
The main danger associated with malvertising is having your device become infected with malware or other viruses like spyware, ransomware and keyloggers.
Spyware
Spyware is a type of malicious software that is used to spy on users. When spyware is installed on a user’s device it can watch the user’s screen, access the microphone and camera, and take screenshots of whatever the user is doing.
Ransomware
Ransomware is another type of malware which encrypts a user’s device, network or other data, preventing them from accessing it until they’ve paid a specified amount of money (ransom). Even if the victim does pay a ransom, there’s no guarantee that the cybercriminal will give them access to their data again.
Keyloggers
Keyloggers, also known as keylogging software, is a type of spyware that tracks user keystrokes. Keyloggers are a serious threat as they can expose user login credentials and credit card details. Keyloggers are also extremely hard to detect, so user data may already be compromised by the time the user realizes that this malicious software has been installed on their device.
How Can I Protect Myself Against Malvertising?
A few ways you can protect yourself against malvertising include using a password manager, installing an ad blocker, being cautious with links, keeping software up to date and not using Flash or Java.
Use a password manager
With any type of cyber attack, a cybercriminal’s main goal is to steal data to use for their own malicious purposes such as selling it on the dark web for their own financial gain. Because of this, it’s important that you secure your data by securing your online accounts. The only way to do this is by using strong, unique passwords for each of your accounts.
We recommend using a password manager to help you in creating and securely storing all of your passwords, so you don’t have to remember them all on your own.
Install an ad blocker
Ad blockers do exactly as their name implies,–they block advertisements. Ad blockers are apps, plugins or extensions you can install on your device that scan the contents of a webpage as it loads. When the ad blocker detects an advertisement, it’ll stop that portion of the page from loading which will prevent it from appearing on the user’s end.
While ad blockers won’t prevent you from falling victim to all types of malware, they can help you from falling victim to malvertisements specifically.
Some antivirus software also offer ad blocking services. Antivirus software is a type of program you install on your device that detects, isolates and removes malware and other viruses before they are able to infect it. Antivirus software with ad blockers can be helpful in blocking malvertisements from infecting your devices.
Be cautious of what you click
While malvertising can get installed on your device without you clicking on anything, it’s still important that you’re cautious of what you’re clicking. Rather than click on an advertisement, go to the associated website of the advertisement by manually typing the website address into your browser.
Keep your devices, browsers and software up to date
When it comes to distributing malware, cybercriminals use exploit kits to spread it. Exploit kits are used to determine and exploit vulnerabilities on a user’s device so they can successfully infect it with malware. Exploits kits look for devices, browsers and software that aren’t up to date because they’re easier to exploit.
It’s crucial that whenever a new update becomes available on your device, browser or any other software, that you update it immediately. These updates don’t only contain new features, they also patch existing vulnerabilities that cybercriminals are looking to exploit so they can infect your devices with malware.
Avoid using Flash and Java
To protect yourself against malvertisements it’s also best to disable or get rid of Flash and Java. Flash and Java are known for being exploited by malvertising since they’ll automatically play advertisements as soon as you go onto a webpage that displays them, which places your devices at risk of becoming infected.
As an extra precaution, you should also enable the “click-to-play” plugin on all of your browsers. This plugin prevents Flash and Java from playing advertisements automatically on a webpage. You can enable this plugin by going to your browser’s settings.
Stay Safe From Malicious Advertising Online
Malvertising is a cyber threat that targets anyone online, so it’s important that you take steps to protect yourself from it. Any website you visit online–even the most popular ones–can have malvertisements displayed without the publisher or you knowing.
Following cybersecurity best practices like the ones mentioned above can help keep you, your devices and your data protected at all times.
