Malvertising - What is It and How to Protect Yourself as a Publisher?

July 23, 2020

Have you ever heard of malvertising? Or have you actually been affected by it? If yes, you are well aware how tricky it can be, and if not, well, keep on reading and we’ll tell you. In this article we’ll explain what malvertising is, how it affects the readers, and why should you care as a publisher. In the end, we will also introduce several options how to possibly fight malvertising, and protect your readers and your webpage against it.

What is Malvertising and Why is It Bad for Publishers?

Malvertising is a special type of malware, which is a malicious software that infects the webpage visitor’s computer and initiates actions they would not take themselves – it is basically a form of hacker’s attack. Malvertising is a combination of words malicious and advertising, and so the malicious software is hidden in a code behind an ad that is served on a publisher’s server.

The problematic part of malvertising is that the infected ad looks just like any other legitimate ad served on a page. Not even the publishers are aware they are serving a malicious add on their site. Due to the complexity of programmatic advertising, it is nearly impossible to control every ad that wins the auction and is served to the reader. Many of the most trusted publishers have served malicious ads in the past without knowing it – such as New York Times, BBC, or Yahoo. However, there do exist a few ways to mitigate the risk of serving a malicious ad on a publisher’s page, and we’ll talk about them in a bit.

Let’s establish two more things before diving deeper into malvertising. What is actually the reason people hide malicious codes behind ads, and why is it so bad for publishers if it infects the visitors? Well, the answer to the first question is easy – money. The code injected behind an ad can cause many actions including stealing the visitor’s financial data. That brings us to the second question. If a visitor visits your website, and is served an ad that causes them troubles, they are most likely to never visit your page again, leading to the loss of traffic and ad revenue. Which is a thing all publishers would like to avoid.

How Does it Work – How Does a User Get Affected?

There are two ways a visitor can get affected by the malicious software hidden behind an ad.

1. Without clicking on the malicious ad

The tricky part of malvertising is that users do not even have to click on the malicious ad to run into troubles. Loading a page with the vicious ad is often enough to infect the user’s device. This way of malvertising attack is known as drive-by download. Just loading the web page hosting the spam ad is enough to trigger the malicious activity which leads to the infection of the user’s computer.

2. By clicking on the malicious ad

The second way a user can get affected is actually clicking on the ad, while believing it is a legitimate ad.      

What Happens After a User Engages with Malvertising?

After a visitor is exposed to the malicious ad, several actions can follow. Among the most common ones belong installing:

  • Ransomware – a type of malware which locks a user out of their device and demands a payment to get it back. Ransomware can also encrypt the user’s files, and again require a payment in order to restore them.
  • Spyware – allows for full access to the computer, observes the user’s activities and reports it back to the software’s author. In this way any passwords and financial or sensitive information of the user can be exposed.
  • Adware – adware is a very common type of malware where a user is repeatedly exposed to pop-up ads on their computer. The purpose of such ads is for the user to eventually click one of them, and install another software which is usually paid for.    

None of these actions are naturally desired by the user, and can even happen without the knowledge of the visitor, such as when being affected by spyware. For that reason, it is important for the readers as well as for publishers to engage in actions that prevent crossing paths with malvertising in the first place.

What Do You Need to Know as a Publisher?

How does malware get to the publisher’s page?

There are several ways how malware can get served on your website through a malicious ad. As we mentioned a user can get affected by malware even when they don’t click on the malicious ad after all. That means there are different ways of how malware can be inserted into ads raging from within a pixel to an injected post-click.

Among the common ones belong:

  • Malware within a pixel – a regular pixel on a webpage sends data when a visitor enters the page for tracking purposes, however, if it’s hacked, it can send a malicious code to the user’s device, and provoke an undesirable action. In this way the user does not even have to click on the ad.
  • Malware in a post-click – this is a way how a user gets affected after they click on the ad. Instead of being redirected to a regular ad landing page, they end up at a different page of the attacker’s preference.
  • Malware within a video video ads are especially tricky, as video players do not protect against malware. There are
Video ads
  • several ways how a user can get affected by a video. Even without playing it, a reader can get exposed to the malicious code, as it can be inserted in the pre-roll featured image. Or, after a user sees the video, there can again be a URL inserted that takes the reader to a false landing page.

What are the effects on the readers?

Users are by now usually aware of the possibility of malicious ads, and often try to protect themselves by installing good antivirus programs, or not using Java, Adobe Reader or Flash codes to lower the possibility of coming across a bad code. Sometimes readers install ad blockers, which can then directly lead to lower ad revenue of the publisher.

When a user does not protect themself, and ends up being affected by the bad ad, they are most likely to never come back to your page, and moreover they may tell people about their poor experience. The subsequent effects are a publisher’s damaged reputation, loss of traffic and ad revenues.

How Can You Protect Yourself from Malware as a Publisher?

To protect your webpage and your readers as a publisher, you can cooperate with several companies that offer technology to identify the ads infected with malicious codes.

  • Confiant – Confiant offers an ad verification technology that should be able to automatically identify and block all types of malicious creatives in real-time.
  • Geoedge – GeoEdge’s technology guards against non-compliance, malware, inappropriate content, data leakage, operational, and performance issues.‎
  • Adwizard – Publift itself has developed a technology that offers many features including the blockage of bad ads. Our Google Chrome Extension gives users the ability to make informed decisions about ads on a webpage in real time. A user can view information from the ad server and header bidding performance all in one place, and premium users and Publift members have the added benefit of identifying problematic ad units and blocking them with a single click.
Using Publift's Adwizard for brand safety


Malvertising is an on-going issue when a malicious ad containing a bad code is served on a publisher’s page, often without the knowledge of both the publisher and the reader. Only by loading the page and viewing the ad, it can infect the visitor’s device by different types of malwares causing the loss of data or access to their device.

By that it negatively impacts the publisher’s reputation and leads to subsequent loss of traffic and ad revenue. Publishers should engage in protecting their readers and their webpage from malicious ads by installing one of the technologies available on the market. Get in touch with Publift to find out more about Adwizard which is protecting more than a thousand publishers on the market.

Calculate your potential