

What Is Malvertising and How Can You Protect Yourself From It?


Can you imagine going online without seeing at least one ad?  


While some are completely safe, others may be hiding malicious code inside. Yes, unfortunately, there’s a form of cyberattack that takes advantage of advertising to infect your device with malware. It’s also known as malvertising (who doesn’t like a good portmanteau?).


The worst part about this trick is how you never know if the ad you’re clicking on is legitimate. Even reliable websites can be injected with malicious software. Last year, Spotify was used for malvertising, and the personal data of thousands of its users was jeopardized.


What is malvertising? Should you be afraid of it all the time? And what are the most effective ways of protecting yourself? Keep reading to find out more.


Pro tip: With Clario’s real-time anti-malware protection, you’ll stop feeling insecure before clicking anything on the web. All it takes are a few simple steps to ensure your safety online:  

  1. Download Clario (no credit card required).
  2. Create an account.
  3. Check for malware in one click and turn on 24/7 antivirus protection in another.

Want to keep your browsing secret from advertisers? Clario's got you covered with an unlimited VPN and an ad blocker with an anti-tracking function. Keep your online life protected from now on!

What is malvertising?  

Malvertising is a popular tactic of using online ads to spread malware. The latter is a fancy name for programs designed to infect your device and cause all kinds of damage.  


Cybercriminals have learned to embed malware into otherwise safe ads all over the internet. Once the user clicks on the infected ad, malicious code gets into their computer or smartphone. Sometimes, merely visiting a website hosting such ads can result in an attack on your device.  


Malvertising vs. Adware

Malvertising is malicious code embedded in an ad; it is downloaded when you click on the ad or visit a website containing it. Meanwhile, adware is a malicious program that continuously runs on a device after it’s been installed.


If you suddenly see ads popping up everywhere and suspicious websites opening by themselves, adware has probably made its way onto your computer. Adware is targeted at individual users, while malvertising affects every user who interacts with the malicious ads.  

How does malvertising work?

The goal of malvertising is to make users click on a malicious ad. To do that, cybercriminals buy ad space on trustworthy and reliable websites, then post supposedly legitimate advertising. Alternatively, there can be a piece of code deep within a website that leads users to malicious and compromised servers.


Malvertising comes in two forms: pre-click and post-click. Pre-click malvertising doesn’t require you to do anything — all that is needed is for you to visit the website. As you load the page, the malware loads onto your device too. And, as you may have guessed, post-click malvertising comes into action when you click on a malicious ad.  


But what happens when an unsuspecting user somehow interacts with a harmful ad?


Examples of malvertising

Both malvertising tactics, pre-click and post-click, help cybercriminals attack you in various ways. Let’s review some of them here.  



Phishing

Most malware ads will redirect you to websites that specialize in phishing attacks. They are designed to trick you into handing over your personal information, such as Social Security Numbers or bank accounts. These ads and websites are usually made to look like legitimate web pages for popular products. The Shlayer Trojan malware used an Adobe Flash Player update-like design as a disguise to trick users into clicking on it.



Ransomware

Ransomware is a kind of malware that blocks access to your data and demands payment for releasing it. It can also threaten to leak your sensitive information online. Organizations that operate with sensitive data, like healthcare companies or law firms, are, unfortunately, perfect targets for ransomware. For instance, in 2017, the WannaCry ransomware attack targeted the British National Health Service along with other healthcare, communications, and banking companies.



Spyware

Spyware, as the name suggests, infiltrates your device, gathers data, and transmits it to third parties without your consent. Agent Tesla is one example of spyware that appeared in 2014 and was spread through phishing emails. Similar to commercial software, it was available for anyone to purchase online, presenting an opportunity for many threat actors.


Exploit kits  

Malvertising is also a way to distribute exploit kits. These are specific sets of tools that allow hackers to use the vulnerabilities of the victim’s system to their advantage. Once the user clicks on an infected ad, an exploit kit immediately starts scanning all applications on the device for security loopholes. These then serve as a “doorway” for different types of malware.  


Such kits can be a true gold mine for hackers. For example, the creators of Nuclear were making around $100,000 a month before the exploit kit was shut down.


We know it sounds scary; the internet is like a dark forest. But it doesn’t mean you have to keep out of it; you just need a flashlight and some protection before you enter.

How to protect yourself against malvertising

Even though cyberattackers know how to evade detection, you will leave them no chance by doubling up your online security. So, make sure you implement a few measures to stay safe online.  


Use an ad blocker

You can’t click on what you can’t see. An ad blocker is a simple and effective way to get rid of ads altogether, malicious or not. Some solutions also give you the flexibility of restricting advertising from selected websites.  
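To show why blocking also helps against pre-click malvertising (the ad request is never sent, so nothing loads), here is an added example, not code from Clario or any real ad blocker, of hostname-based filtering with per-site exceptions. All hostnames and function names are constructed for illustration.

```javascript
// Added example: hostname-based ad blocking with per-site exceptions.
// All hostnames below are constructed (.example), not real ad networks.
const BLOCKED_AD_HOSTS = ["ads.example", "tracker.example"];
const SITES_WHERE_ADS_ALLOWED = ["news.example"]; // user chose to allow ads here

// True when host equals domain or is a subdomain of it. Matching on a dot
// boundary means "notads.example" does not match "ads.example".
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide whether one request made by a page should be blocked.
function shouldBlock(requestUrl, pageUrl) {
  let reqHost, pageHost;
  try {
    const page = new URL(pageUrl);
    pageHost = page.hostname;
    reqHost = new URL(requestUrl, page).hostname; // resolves relative URLs
  } catch {
    return true; // unparseable URL: fail closed
  }
  if (SITES_WHERE_ADS_ALLOWED.some((d) => hostMatches(pageHost, d))) return false;
  return BLOCKED_AD_HOSTS.some((d) => hostMatches(reqHost, d));
}

// Split the requests a page wants to make into allowed and blocked.
function filterPageRequests(pageUrl, requestUrls) {
  const result = { allowed: [], blocked: [] };
  for (const url of requestUrls) {
    (shouldBlock(url, pageUrl) ? result.blocked : result.allowed).push(url);
  }
  return result;
}

// Constructed sample: what a page might load before the user clicks anything.
const SAMPLE_REQUESTS = [
  "https://blog.example/style.css",
  "https://cdn.ads.example/banner.js",
  "https://notads.example/widget.js",
  "https://tracker.example/pixel.gif",
];
console.log(filterPageRequests("https://blog.example/post", SAMPLE_REQUESTS));
```

A per-site exception turns off blocking for everything that site loads, so it also removes the pre-click protection there.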


We recommend Clario's ad blocker. It’s featured in Clario’s web extension, an all-in-one solution that will keep all kinds of advertising, online tracking, and adware at bay. Clario’s browser extension is free and works with Chrome (you can install it right from the Chrome Web Store) and Safari (you’ll need to install it from the Clario app).


Install antivirus software on your device

Installing cybersecurity software has proven to be the most efficient form of anti-malvertising protection. Clario is an all-in-one cybersecurity solution that protects your devices from different forms of malware. You’re only four steps away from a practical solution to all your malware-related worries:  

1. Download Clario and create an account.  


2. With a one-button click, check your device for malware.


3. Turn on 24/7 real-time antivirus protection to prevent any further malware attacks.


Malvertising is one of the trickiest types of cyberattacks because it preys on our gullibility. When you realise how visiting a legitimate-looking website can be enough to activate a malicious ad, you stop trusting what’s on the web. We don’t want you to think there’s always someone out there trying to trick you into revealing your data. At the same time, it’s always a good idea to stay focused on the internet and take everything with a grain of salt.


Plus, if you follow our tips, you’ll have fewer chances of stumbling upon infected apps and being affected by malvertising. So install that antivirus and surf away — cybercriminals hate tech-savvy users.
