• All Articles

5 Things That Motivate Malvertisers and how we stop them!

By Giles

July 15, 2021


Cyber criminals continually look for ways to infiltrate ad networks and ad serving platforms using various types of malvertising in the digital ad ecosystem. The intention is to exploit and harm website users directly, via the introduction of malware, phishing attacks, ransomware or forced redirects, all looking to exploit weaknesses that can do real, practical damage to users lives via data harvesting and scams.

Publishers should be aware that malvertisers will tend to start their campaign with a legitimate offer to get the campaign through an ad network’s Compliance scrutiny, then once the campaign has been running for a while they will switch the campaign and landing page url to a malvertising campaign. 

Malvertising can cause an immediate crisis management situation for all businesses in the ad supply chain, and the following scenario can occur:

  • The end user who has had their devices compromised from clicking on a bad ad on a publishers site will always think negatively about the website and is likely to post about their experience on social networks, naming the website and telling other users not to visit the website, labelling it as unsafe.
  • The publisher will be spreading the malvertising without even knowing, affecting their end user experience and potentially their impressions revenue.
  • The ad network selling the publisher's inventory and allowing malvertising to be exposed to end users will negatively affect their relationship with the publisher causing loss of revenues and reputation.
  • Media exposé, malvertising distribution is always being written about by security and ad tech media, with explanations of how certain malvertising campaigns were distributed, naming the ad network involved, bringing negative press coverage and requests from the journalists wanting to know why it was allowed to happen. This media coverage then affects current and future business because the media story comes up in every Google search about the ad network.

All this damage is created, while the cyber criminals get richer at the expense of innocent players. So what motivates these malvertisers to launch malicious, unsafe, or exploitative ad campaigns? Here we will take a look at 5 of the most common motivations and how AdSecure is the solution to this global problem.

# 1. Profit

Money is the largest single driver for the majority of malicious campaigns within the digital ads ecosystem. Malvertising allows cyber criminals to exploit end users for financial gain in multiple ways. For example: 

  • Scareware appears as a fake program that is designed to fix something on your device using a warning such as ‘your device is infected with a virus.’ The criminal is trying to frighten the user into purchasing the software that claims to fix their device.
  • Ransomware claims that the end user's device has been locked and they will lose all their files unless they pay a fee to the criminal.
  • Phishing can appear as an ad or an email that uses fake information to convince the end user it is a legitimate entity, the end user clicks on a link thinking it is legitimate which can download malware to the users device or can ask them for sensitive data such as passwords, credit card details, etc
  • Malware is a malicious software that an end user downloads to their device by clicking on a link on a malicious ad or its landing page. Once installed the cyber criminal will use the software to see what is happening on the users device to steal personal data, use their device for crypto currency mining, etc.

Case study: Cyber criminals use Scareware featuring fake Microsoft tech support, ad appeared on a US entertainment website
Fake tech support alerts are one of the most malicious ads that can harm users, this example was delivered via a banner ad promoting an online dating website. The cyber criminals targeted the banner ad to desktop users, Windows OS, using the Edge browser. Once the user clicked on the banner ad they were redirected to this landing page featuring a fake Microsoft tech support message that appeared on the users screen. It also features bad English grammar.

5 Things That Motivate Malvertisers and how we stop them!

The malvertiser heightened its scare potential by locking the user’s browser as well as playing an alert type sound to try to force the user to call the number on the landing page for “tech support.” Once the user calls, the malvertiser will take credit card details to pay for fixing the fake issue. As a consequence these types of ads leave the end user open to a credit card data breach and negative user experience, damaging the Publisher site’s relationship with the user. 

#2 Low risk/High reward

Cyber criminals know there is a relatively low risk of being caught or being punished for engaging in malicious attacks in comparison to the potential monetary rewards make it easy for malvertisers to keep trying to run malicious ads, and continue when a bad campaign has been unmasked. For every big story we hear about a malvertising operation being uncovered and police making arrests, there are hundreds, likely thousands of bad actors who remain comfortably anonymous.

#3 Simplicity

Cyber criminals find exploit kits on the dark web incredibly easily, and cheaply. Malertisers can also usually get started on many ad networks as an advertising partner and be active for weeks or months before they are detected and banned from the network, often after the damage is well and truly done.

#4 The fun of it

Sometimes, they do it for the LOLs. This can be a strong driving force behind the launch of explicit or offensive ads on major websites, the humour and pleasure they derive from getting an adult image up somewhere it shouldn’t be.

#5 Media manipulation

We increasingly live in a time of “post-truth” media. Fake, misleading news and deep fake technology allow some scammers, or those with more sinister political agendas to craft their desired narrative, and then easily get that narrative in front of billions of people around the world.

AdSecure is the solution!

Full protection: AdSecure’s ad verification system is built around a custom-made crawler capable of simulating a wide array of devices and locations. It allows you to automatically scan ad tags and site pages for malvertising and non-compliance in real-time before the ad campaign is launched and while it is live. AdSecure’s technology scans for:

  • User security: Malware, Phishing URL, Ransomware, Scareware, Browser Locker, SSL non-compliant, Unwanted Programs.
  • User experience violations: Auto-download, Auto-redirect, Auto-redirect app store, Auto-pop, Auto-vibrate, Back Button Hijack, JS Alert on entry, JS Alert on exit, Landing page error, Device Permissions: (Camera, Clipboard, Geolocation, Microphone, Notification, Uncommon Protocols).
  • User advisory violations: Suspicious TLD, Flagged URL, Unsafe content: (Adult, Medical, Racy, Spoof, Violence) IAB Standards:(Ad Dimension, Ad Weight, Ad Request Count, Ad File Compression).

Real-time technology: AdSecure is built on the same modern browser technology that powers today’s online world. We're faster, more accurate, and can handle obfuscated code attacks in a way others solutions can’t. Built for Ad Platforms, Ad Operation teams and Publishers, AdSecure ensures a continuous compliant and malvertising free ad delivery. Don’t spread malvertising, identify it and stop it with AdSecure.

For a detailed look at all the Malvertising tactics that Cybercriminals use, check out our blog post What is Malvertising and how to stop it.

Free 14 day trial: Try our free 14 day trial giving you access to 100,000 test scans and 1GB of residential and mobile carrier bandwidth to test with. Sign up here now!

Share this article on