What Is Malvertising and How Do You Prevent It?

February 18, 2023 • Shannon Flynn


Have you ever clicked on a harmless-looking ad — on a legitimate website, no less — that gave your computer a virus? Or, maybe you visited a site that was suddenly inundated with pop-ups redirecting you to another, completely spammy page, and hitting the back button was futile. If so, you’ve probably experienced malvertising. But what is malvertising, exactly, and how can you defend yourself against it?

Explaining Malware, Adware and Malvertising

These three terms are similar, but they have important distinctions. 


Malware is a portmanteau of “malicious” and “software.” As the name suggests, it’s a type of software that harms your computer. It usually takes one of three forms: viruses, worms or trojans. More than 91% of malware uses the Domain Name System (DNS) to launch cyberattacks. Malware can modify and delete files, reduce computer performance and collect personal data. 


What is malvertising? This relatively new cyberattack method involves hiding malware in an ad. Cybercriminals can publish infected ads on a legitimate site by buying ad space, and since people create billions of ads every day, search engines can’t properly vet all of them. A few infected ads inevitably slip through the cracks. 

Some ads automatically download malware onto your computer when you scroll past, which is called drive-by malvertising. Other malvertising requires you to click a link. In either case, the website publisher is often unaware that the ad contains malware, and infected ads can appear even on the most reputable websites. 

Malvertising may install spyware, which tracks your keystrokes to steal sensitive information. Hackers can then access your credit card number, usernames, passwords and other personal data. 

Malvertising can also use an exploit kit, a type of malware that scans your computer and exploits weaknesses in the system. Remember Adobe Flash? Adobe retired its beloved plugin software mainly because of security vulnerabilities. After finding weak spots in the code, hackers could easily use Flash to run drive-by malvertisements, and anyone who watched the animated ads would find their systems infected.


It’s important to distinguish malvertising from adware. The latter is a form of ad-generating software that targets individuals with personalized or relevant ads. 

Although some forms of adware also serve as spyware, many do not. This means that adware is sometimes a form of malvertising, but not always, so it isn’t automatically a cybercrime.

How to Prevent Malvertising Attacks

Use the following methods to keep malware off your computer:

1. Install Antivirus Software

Any cybersecurity plan worth its salt involves antivirus software. If you’re surfing the web unprotected, then you’re susceptible to malware attacks and more. 

Always keep your antivirus program up to date. Updates often include patches that target specific malicious software.

2. Install Ad Blocking Software

An ad blocker prevents ads from showing up on a web page. While it may not stop drive-by malvertising, it can ward off pop-ups and keep you from accidentally clicking a malicious link. Plus, it improves page-loading speed and makes internet browsing a lot smoother. Who wants to constantly fend off ads?

4. Don’t Click on Promotional Content

If you see an ad for an interesting product or service, look it up on a search engine rather than clicking the ad. Or, if the ad includes the website’s name, type the URL directly into the address bar and search for it that way. 

Both of these methods allow you to see if the company is legitimate. They also bypass any malware you might download if you click the malicious link. 

What Is Malvertising? 

Malware isn’t always obvious. Although everyone’s seen a pop-up claiming they won an iPhone, most malvertising is subtle and embeds itself on reputable sites. 

Use antivirus and ad-blocking software to your advantage. And no matter how appealing an ad may be, always look up the promotion, product or service online instead of clicking the ad.