
What Is Malvertising? How Malicious Ads Infect Hosts

Malvertising is the use of online advertisements to distribute malware, injecting malicious code into ads that legitimate ad networks then serve across trusted, high-traffic websites.

A user opens the New York Times, reads an article, clicks nothing, and closes the tab. Ninety seconds later their endpoint is encrypting files. No phishing email, no downloaded attachment, no visited sketchy site. The only thing that happened is an ad loaded in the corner of a page they trusted. That ad carried an exploit, the exploit fired against an out-of-date browser plugin, and a ransomware payload landed without a single deliberate user action. This is not hypothetical. In March 2016 a malvertising campaign did exactly this across the New York Times, the BBC, MSN, AOL, and Newsweek, using the Angler exploit kit to push ransomware.

That is malvertising: the delivery of malware through online advertising. The attacker does not build a malicious website and lure victims to it. They poison the ad supply chain so that legitimate, high-traffic sites serve the malicious ad themselves, to their own real audience. The trust the victim places in the publisher becomes the attacker's delivery mechanism.

This guide covers what malvertising is, how the ad-tech supply chain lets it happen, the difference between a click-required and a no-click drive-by, how it compares to adware, the real campaigns worth knowing, and how a defender detects and prevents it. It is written for blue teamers who have to explain how a host got infected when the user swears they did nothing wrong, and who are usually right.

What is malvertising?

Malvertising, a contraction of "malicious advertising," is the use of online advertisements to distribute malware. The attacker injects malicious code into an ad, gets that ad accepted into a legitimate advertising network, and lets the network's own distribution deliver it across the websites that run those ads. The infection reaches the victim through the ordinary, trusted process of a web page loading its ads.

The defining trait is the delivery channel, not the payload. A malvertising attack can drop ransomware, a banking trojan, an infostealer, a cryptominer, or adware. What makes it malvertising is that the vehicle is the ad ecosystem rather than an email, a USB drive, or a download the user sought out. That distinction matters because it changes who the victim trusts and what the defender has to watch.

Two properties make malvertising dangerous in a way a malicious website is not. First, reach: a single poisoned ad placed into a major network can appear on thousands of reputable sites at once, in front of their combined audiences. Second, trust: the malware arrives on a domain the user has no reason to distrust, served by a publisher with a real reputation. The user did not wander somewhere risky. The risk was delivered to a place they already considered safe. This is part of why a strong network security posture cannot assume that traffic to reputable domains is automatically benign.

How malvertising works

Figure: Malvertising, the delivery chain. The trusted site serves the attack: a poisoned ad rides the real ad network onto a reputable publisher, then runs in the victim's browser.

  • Attacker (poisoned ad): malicious creative submitted via a fake or hijacked advertiser, cloaked to pass review.
  • Ad network (exchange auction): the network distributes it like any other ad, in real time, at scale.
  • Trusted publisher (reputable site): a major site loads the ad in a slot it never saw the code for.
  • Victim browser (ad code runs): the ad executes in the browser and the infection begins.
  • Post-click: the user clicks the ad and is redirected through cloaking hops to a fake download or exploit-kit page. A click is required.
  • Pre-click (drive-by): the ad's code fires as the page loads. An exploit kit hits an unpatched browser or plugin and installs malware with no click at all.

Why it works: the reach is the network's and the trust is the publisher's. The victim never visits anywhere risky. The risk is delivered to a place they already trust.

To understand malvertising you have to understand that a modern web ad is not a static picture chosen by the publisher. It is code, often JavaScript, selected and delivered in milliseconds through a chain of intermediaries the publisher never directly sees.

When a page loads, the publisher's ad slot is auctioned in real time through ad exchanges and networks. An ad is chosen, its creative is pulled from a third-party server, and that creative runs in the user's browser. The publisher (the New York Times, say) never handled the ad's code and frequently cannot see it. That opacity is the gap malvertising exploits.

Attackers get into that chain in a few ways:

  • Submit a malicious ad directly. They sign up as an advertiser and submit creative that looks clean during review, then swaps in malicious behavior later, or that hides its payload from the network's scanners.
  • Compromise or impersonate a legitimate advertiser. They take over an advertiser account, or buy an expired domain belonging to a real ad firm to inherit its reputation and its access to premium inventory. The 2016 Angler campaign used exactly this trick: an actor acquired the expired domain of a small legitimate ad company to gain high-quality traffic from top publishers.
  • Compromise the ad-network infrastructure. They breach a third-party ad server and inject code into ads that were already approved.

Once the malicious ad is in the network, the network distributes it like any other. The publisher serves it, the browser runs it, and the attack begins. From there malvertising splits into two modes, and the difference is the single most important thing a defender needs to understand about it.

Post-click. The ad is a lure. The user clicks it and is redirected, through one or more cloaking hops, to a fake download page, a tech-support scam, or a site hosting an exploit kit. This is the common case and it still requires the user to act.

Pre-click (drive-by). The malicious code runs as the ad loads, before and without any click. If the user's browser or a plugin has an unpatched vulnerability, an exploit kit embedded in the ad can trigger a drive-by download and install malware while the user simply reads the page. This is the dangerous case, because the user did nothing wrong and there is no click to blame.

A recurring technique across both modes is cloaking: the malicious ad fingerprints the visitor (operating system, browser, geolocation, whether they look like a security researcher or a sandbox) and serves a clean ad to anyone who might inspect it while serving the attack only to viable victims. Cloaking is why malvertising survives ad-network review, and modern operators now rent cloaking infrastructure as a service, which lowers the skill needed to run a convincing campaign.

Malvertising vs. adware

Malvertising and adware both involve advertising and malware, which is why they get confused. They sit at opposite ends of the process.

                | Malvertising                                               | Adware
What it is      | An infection method: malware delivered through ad networks | A type of software already installed on a host
Where it lives  | In the ad supply chain, before infection                   | On the victim's device, after infection
Role            | Cause: the delivery vehicle                                | Effect: one possible payload
Who is targeted | Anyone loading the page that serves the poisoned ad        | The user of the already-infected device
Relationship    | Can be the thing that installs adware                      | Can be what malvertising delivers

The clean way to hold the distinction: malvertising is how the malware arrives; adware is one of the things it can leave behind. A malvertising attack can install adware, but it can equally install ransomware or an infostealer. Adware, once present, generates and injects ads locally on the host and does not need the ad network at all. One is a delivery channel in the cloud; the other is unwanted software on the endpoint.

Real malvertising campaigns

Naming real cases shows the range, from mass ransomware delivery to ad-blocker-proof operations to mobile.

The 2016 Angler ransomware campaign. Over a weekend in March 2016, researchers at Trustwave, Malwarebytes, and Trend Micro reported a major malvertising surge that hit the New York Times, the BBC, MSN, AOL, Newsweek, and others. The ad networks behind those sites were tricked into serving malicious ads that redirected to the Angler exploit kit, which dropped the Bedep loader and ransomware onto vulnerable hosts. The actors had acquired the expired domain of a legitimate ad company to access premium inventory, and the activity surged sharply over the weekend. It is the canonical example of malvertising delivering ransomware to mainstream-site audiences, with no click required from victims whose browsers or plugins were unpatched.

RoughTed (2017). Malwarebytes documented RoughTed as a large malvertising operation that peaked in March 2017 and drew over half a billion hits across thousands of publishers, some in the top tier of global traffic. Its signature was bypassing ad blockers: it used dynamically generated URLs and Amazon's CDN to evade Adblock Plus, uBlock Origin, and AdGuard, then fingerprinted each visitor to serve the right payload (scams, fake extensions, or exploit kits) by operating system, browser, and country. RoughTed is the case that broke the assumption that an ad blocker is sufficient defense.

KS Clean (mobile). Malvertising is not desktop-only. KS Clean was Android malvertising that pushed a fake system "security" notification through a malicious ad; tapping it prompted an in-app update that installed adware which then served persistent full-screen ads. It illustrates the mobile pattern: the malicious ad masquerades as a system or security alert and abuses the app's own update flow.

The through line: malvertising scales with the ad network, hides from casual inspection through cloaking, and adapts its payload to the victim. The publisher's reputation is borrowed, not breached in the usual sense, which is what makes the technique resilient.

How to detect malvertising

Detection is hard precisely because the activity rides on legitimate sites and legitimate ad infrastructure. There is no obviously malicious destination in the logs. A defender works the edges.

  • Watch for infections with no plausible user vector. The strongest signal is a host that got malware while the user did nothing that explains it: no phishing click, no download, no risky site. When the only activity is normal browsing on reputable sites, malvertising belongs at the top of the hypothesis list.
  • Inspect web and proxy logs for the redirect chain. A page load on a trusted domain followed by a rapid hop through several unfamiliar ad and redirect domains, ending at an exploit-kit or fake-download landing page, is the malvertising fingerprint. The chain, not the first domain, is the evidence.
  • Hunt for exploit-kit and drive-by artifacts. Browser child processes spawning unexpectedly, a browser writing and executing a payload, or exploitation of a known browser or plugin vulnerability are the on-host traces of a drive-by. These behavioral patterns are what tie a vague "they were just browsing" report to a concrete compromise during malware analysis.
  • Correlate DNS and network telemetry. Beaconing that starts right after a browsing session, connections to known malicious ad or redirect infrastructure, and DNS to domains flagged in threat intelligence all help confirm the channel.
  • Read the EDR detection in context. The endpoint tool may flag the dropped payload (ransomware, a stealer, adware) without naming the delivery method. Tracing back from the payload to a browser-and-ad origin is what identifies it as malvertising rather than, say, a phishing attachment.
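The redirect-chain reconstruction described above, as an added example that is not part of the original article: it follows referer links forward from a trusted publisher page load and alerts when the chain passes through several unfamiliar hosts via 3xx redirects and ends in a binary download. The proxy log, host names, IPs, allowlists and the 30-second window are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log (invented hosts, IPs, times). Fields: time client method url status referer content-type
SAMPLE_PROXY_LOG = """\
2024-05-02T09:14:02Z 10.1.2.7 GET https://news.example-publisher.test/story 200 - text/html
2024-05-02T09:14:03Z 10.1.2.7 GET https://ads.example-adnetwork.test/serve?slot=4 302 https://news.example-publisher.test/story text/html
2024-05-02T09:14:03Z 10.1.2.7 GET https://cdn.redirect-hop-a.test/r 302 https://ads.example-adnetwork.test/serve text/html
2024-05-02T09:14:04Z 10.1.2.7 GET https://landing.exploitkit-host.test/gate.php 200 https://cdn.redirect-hop-a.test/r text/html
2024-05-02T09:14:06Z 10.1.2.7 GET https://landing.exploitkit-host.test/payload.bin 200 https://landing.exploitkit-host.test/gate.php application/octet-stream
2024-05-02T09:20:11Z 10.1.2.9 GET https://news.example-publisher.test/story 200 - text/html
2024-05-02T09:20:12Z 10.1.2.9 GET https://ads.example-adnetwork.test/serve?slot=4 200 https://news.example-publisher.test/story image/png
"""

PUBLISHERS = {"news.example-publisher.test"}      # trusted first hop of the chain (assumed allowlist)
KNOWN_AD_HOSTS = {"ads.example-adnetwork.test"}   # ad hosts we expect to see on that publisher
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=30)  # a drive-by chain completes in seconds, not minutes

def parse_log(text):
    """Group proxy lines by client IP, sorted by time; a referer of '-' means none."""
    by_client = defaultdict(list)
    for line in text.splitlines():
        ts, client, _method, url, status, referer, ctype = line.split()
        by_client[client].append({
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "host": urlparse(url).hostname, "url": url, "status": int(status),
            "ref_host": urlparse(referer).hostname if referer != "-" else None,
            "ctype": ctype})
    for events in by_client.values():
        events.sort(key=lambda e: e["time"])
    return by_client

def follow_chain(events, start):
    """From a page load, follow referer links forward hop by hop, staying within WINDOW."""
    chain, i = [events[start]], start
    while True:
        nxt = next((j for j in range(i + 1, len(events))
                    if events[j]["ref_host"] == chain[-1]["host"]
                    and events[j]["time"] - chain[0]["time"] <= WINDOW), None)
        if nxt is None:
            return chain
        chain.append(events[nxt])
        i = nxt

def find_malvertising_chains(by_client):
    """Alert on: trusted page -> 3xx hops through unfamiliar hosts -> binary payload."""
    alerts = []
    for client, events in by_client.items():
        for idx, ev in enumerate(events):
            if ev["host"] not in PUBLISHERS or ev["ctype"] != "text/html":
                continue  # start only at a page load on a trusted publisher
            chain = follow_chain(events, idx)
            unfamiliar = {h["host"] for h in chain} - PUBLISHERS - KNOWN_AD_HOSTS
            redirected = any(300 <= h["status"] < 400 for h in chain)
            if len(unfamiliar) >= 2 and redirected and chain[-1]["ctype"] in PAYLOAD_TYPES:
                alerts.append({"client": client, "payload": chain[-1]["url"],
                               "hops": [h["host"] for h in chain]})
    return alerts
```

The second client in the sample loads the same publisher and ad host but receives a plain image, so it produces no alert; only the chain that hops through unfamiliar hosts to a binary is reported.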

The investigative discipline is to reconstruct the path. The payload tells you what landed; the browser, the ad redirect chain, and the timing tell you it came through an ad. Without that reconstruction, a malvertising infection is easily misfiled as "user error" that never happened.

How to prevent malvertising

Prevention splits by audience. Most defenders are protecting users and endpoints; some also run sites and buy or sell ad inventory. Both sides have real levers.

For users and the endpoints a SOC defends:

  • Patch browsers and plugins, and remove what you do not need. Drive-by malvertising depends on an unpatched vulnerability. Aggressive patching of browsers and their extensions, and removing legacy plugins entirely, closes the door the pre-click attack walks through. (Adobe Flash, historically the favorite target, reached end of life and should be gone.)
  • Deploy ad and content blocking, but do not rely on it alone. Ad blockers and DNS-level filtering of known malicious ad infrastructure cut a large share of exposure. RoughTed proved blockers can be bypassed, so treat them as one layer, not the answer.
  • Enforce least privilege and application control. A drive-by that lands as a non-admin user with application allowlisting in the way achieves far less than one that hits a local admin. This caps what a successful infection can do.
  • Keep EDR and behavioral detection on the endpoint. Because the payload varies and the delivery is hard to block, catching the post-exploitation behavior on the host is the reliable backstop.
  • Block known malvertising and exploit-kit infrastructure. Feed threat intelligence into proxy and DNS filtering so the redirect chain dead-ends before the exploit kit.

For publishers and ad buyers:

  • Vet ad networks and partners. Choose networks with real creative-scanning and abuse response, and treat the third parties in the chain as part of your attack surface.
  • Scan ad creative and constrain what ads can run. Inspect creative for malicious code and limit active scripting in served ads where the platform allows it.

The unifying point: there is no single control that stops malvertising, because it abuses trusted infrastructure end to end. Layered patching, blocking, privilege limits, and endpoint detection together shrink both the chance of infection and the blast radius when one gets through.

Frequently Asked Questions

What is malvertising in simple terms?

Malvertising is when criminals hide malware inside online advertisements and get those ads onto legitimate, popular websites through normal ad networks. When the ad loads or is clicked, it tries to infect the visitor's device. The danger is that the attack reaches you on sites you trust, delivered by the same ad system that serves every other ad.

Can malvertising infect you without clicking?

Yes. In a drive-by download, the malicious ad runs code as the page loads and, if your browser or a plugin has an unpatched vulnerability, can install malware with no click at all. Simply viewing the page that served the poisoned ad is enough. Clicking is required only for the post-click style of malvertising, not the pre-click drive-by.

What is the difference between malvertising and adware?

Malvertising is a delivery method: malware pushed to victims through the online advertising supply chain. Adware is software already installed on a device that generates unwanted ads locally. Malvertising is the cause that can put malware (sometimes adware) onto a host; adware is one possible effect. One lives in the ad network before infection, the other on the device after it.

Is malvertising the same as a malicious website?

No. With a malicious website, the attacker controls a site and must lure victims to it. With malvertising, the attacker poisons an ad that legitimate, trusted sites then serve to their own audiences. The victim never has to visit anywhere unusual, which is what makes malvertising both broader in reach and harder to avoid by good browsing habits alone.

Do ad blockers stop malvertising?

They help but are not sufficient. Ad blockers and DNS filtering remove a large share of malicious ads and known bad infrastructure. But campaigns like RoughTed have bypassed major ad blockers using dynamic URLs and trusted CDNs, so blocking is one layer. Patching browsers and plugins, least privilege, and endpoint detection are needed alongside it.

How do defenders detect a malvertising infection?

The strongest tell is a host infected with no user action that explains it: no phishing click, no download, just normal browsing on reputable sites. From there, defenders inspect web and proxy logs for a redirect chain from a trusted domain through unfamiliar ad domains to an exploit kit, hunt for browser drive-by artifacts on the endpoint, and correlate DNS and network telemetry. Reconstructing the path back to an ad is what confirms it.

The bottom line

Malvertising is malware delivered through the online advertising supply chain. The attacker poisons an ad, gets it accepted into a real ad network, and lets that network serve it across legitimate, high-traffic sites to their own trusting audiences. The reach is enormous and the trust is borrowed, which is what makes it effective. The pre-click drive-by, where an exploit kit infects a host through an unpatched browser with no click required, is the part defenders most need to internalize, because it produces infections that look impossible until you find the ad in the chain. Campaigns from the 2016 Angler ransomware wave to RoughTed's ad-blocker-proof operation show the range. There is no single control that stops it: patch aggressively, block known infrastructure, constrain privilege, and keep behavioral detection on the endpoint, then reconstruct the redirect chain when something lands. The user who swears they did nothing wrong is usually telling the truth. The ad did it.
