Browse Malware and Threats

Malvertising Campaigns

Malware-and-Threats

Malvertising is the use of malicious or deceptive online advertising to deliver harmful content, redirect users, or support fraud.

On this page

Malvertising is the use of malicious or deceptive online advertising to deliver harmful content, redirect users, or support fraud. In plain language, it is when ordinary-looking web advertising becomes part of the threat path.

Why It Matters

Malvertising matters because users may encounter it during normal browsing rather than during obviously suspicious activity. That makes it a useful delivery path for scams, harmful downloads, and credential-directed deception.

It also matters because it shows how security risk can flow through indirect third-party channels. A legitimate site may not be malicious itself, but unsafe advertising content shown through that site can still expose users.

Where It Appears in Real Systems or Security Workflow

Malvertising appears in browser security, endpoint protection, web filtering, user-awareness training, and threat-intelligence reporting. Teams connect it to Watering Hole Attack, Phishing, Sandboxing, Antivirus, and Threat Intelligence.

Security teams care about malvertising because it can turn routine web use into an entry point for broader compromise or fraud.

Defensive Signals

  • Users report suspicious redirects after visiting otherwise legitimate sites.
  • Endpoint alerts appear after ad-heavy browsing or unexpected download prompts.
  • Web filtering logs show repeated redirects through unusual ad or tracking domains.
  • Multiple users reach the same deceptive landing page from unrelated browsing sessions.

Where Malvertising Shows Up

SurfaceWhat attackers exploitDefensive focus
Ad networksMalicious ads delivered through third partiesVendor risk and ad filtering
BrowsersDeceptive redirects or downloadsBrowser security and Sandboxing
User behaviorTrust in legitimate-looking adsAwareness and reporting

Practical Example

A user browsing a trusted news site clicks an ad that appears legitimate but actually routes to a deceptive landing page designed to pressure the user into downloading unsafe software or entering account information.

Common Misunderstandings and Close Contrasts

Malvertising is not the same as Phishing, even though both can use deception. Phishing is broader social-engineering communication. Malvertising specifically uses advertising channels.

It is also different from a Watering Hole Attack, which typically focuses on compromising or exploiting a site that a target group already trusts or visits frequently.

It is also a mistake to assume malvertising only affects careless users. Even security-aware users can be exposed if ad supply chains are compromised.

Knowledge Check

  1. What makes malvertising different from phishing? Malvertising uses advertising channels, while phishing is broader social engineering across many communication channels.
  2. Why can trusted sites still expose users to malvertising? Ads are often served by third-party networks, which can be compromised.
  3. What defensive controls reduce malvertising exposure? Browser protections, ad filtering, sandboxing, and user awareness.
Revised on Friday, April 24, 2026
Lateral Movement
Password Spraying