Malvertising scams: Malware, Browser Locker and Scareware

Further to AdSecure’s in depth Violations Report 2022, we took a deeper dive to evaluate 3 specific violations: Malware, Browser Locker and Scareware. In particular we looked at data for Q3 and Q4 of 2022 and the top 10 GEOs most targeted by cyber criminals with malicious ad campaigns for these three violations. Any publisher website allowing these specific violations to be exposed to end users will suffer damage to their online brand, therefore it is imperative to detect and remove these violations before any damage can be done. Let’s now look at the three violations data gathered by AdSecure for a deeper evaluation of these Malvertising scams

Percentage split between the three violations across the top 10 GEOs for each violation:

Malware Browser Locker Scareware

Malware malvertising scams 15.3%

Malware is perhaps the most commonly known cyber crime known to end users. This form of Malvertising scam hides malicious code within an ad. It can include viruses, worms and Trojan horse programs that target end users to compromise their devices and data. It is used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

In Q3/4 of 2022, the top 10 countries suffering from Malware Malvertising scams hidden within online ads that AdSecure detected were:  

malvertising scams


From the top 10, almost two thirds of Malware detections were in Tier 2 (70.2%) with Tier 1 at 29.8%. No Tier 3 countries made the top 10. Cyber criminals are aware that richer countries are more well educated about Malware, so they concentrated their Malware attacks at Tier 2 countries.

With 35.8% of Malware detections coming from Turkey, the country remains a big target for Malware attacks. This has been consistent with evidence of Malware attacks dating back to a 2021 article when AdSecure reported on a particularly nasty Malware attack. Malvertisers used infected campaigns to target online gamers, luring them into downloading fake versions of popular online games that actually contained malware. The image below was the landing page of one of these malware campaigns detected by AdSecure. As you can see the text is in English, only the month November (Karim) is in Turkish. Additionally note that egyptian gamers is spelt incorrectly.

What is Malvertising

Looking at this data across the continents of the top 10 GEOs we see that Europe took the bulk of attacks Europe 60.3%, Africa 21.4%, North America  11.1% and Asia 7.2%.

Browser Locker malvertising scams 31%

One of the most annoying violations to end users. Browser Locker malvertising scams use a script that runs in the web browser and its main purpose is to disable any form of action that can close the browser. All attempts to close the browser will result in a warning message box (Javascript alerts). It consists of a page that dupes the user by using a fake reason such as  loss of user data or files and asking the end user to pay in order to unlock their device, thus compromising their personal financial data. The top 10 countries where AdSecure detected Browser Locker violations were:

malvertising scams


Here we can see that in Tier 1 43.7% were detected and in Tier 2 40.4% were detected. Cyber criminals also targeted Tier 3 countries in our top 10 at 15.9%.

USA had the highest number of detections for the Browser Locker violation at 19.6%. Looking at this data across the continents of the top 10 GEOs we see that Asia and Europe took the bulk of attacks: Asia 38.1%, Europe 31.2%, North America 19.6% and LATAM 11.1%.

AdSecure has helped many clients detect and stop Browser Locker malvertising scams, check out our client Case Study where AdSecure helped Traffic Factory achieve a 95% decrease in Browser Locker attacks.

Scareware malvertising scams 53.7%

Scareware is probably the most shocking for end users. Scareware are ads that claim the end user’s device is infected with a virus. Malvertising scams often use the names of well-known companies that specialize in computer software to gain your trust. The pop-up advertisements aim to mimic genuine warning alerts generated by computer security software. You can see examples of some of the tactics used by Malvertisers in this blog post What is Scareware? The aim is to get end users to download useless anti-virus programs that can also contain many more pieces of software that can harm the device as well as trying to extract personal data from end users' devices. The top 10 countries where AdSecure detected Scareware violations were:

malvertising scareware


Here we can see that in Tier 1 42.9% were detected and in Tier 2 26% were detected. Cyber criminals also targeted Tier 3 countries in our top 10 at 31.1%.

USA had the highest number of detections for the Scareware violation at 19.6%. Looking at this data across the continents of the top 10 GEOs we see that Asia and North America took the bulk of attacks: Asia 37.4%, North America 34.2%, Europe 8.7%, Africa 4.7%, LATAM 3.2%.

Cyber criminals generally target Scareware at rich countries such as the USA as they can earn higher revenues, however it is interesting to note that in the Top 10 are countries with lower incomes being targeted such as India, Egypt, Ecuador and Vietnam. As these countries tend to use mobile devices rather than desktop devices to connect to the internet, this can be very damaging to the end user experience of the website that served the malicious ads because the end users sole source of connectivity is compromised. 


Tier 1 GEO the UK (GBR) features in the top 10 for each violation and the USA came top twice out of the three violations. While Europe took the bulk of Malware, Asia was the most popular destination for malicius campaigns for Browser Locker and Scareware. Developing countries like Vietnam, India, Indonesia and Thailand offer rich pickings for cyber criminals as more and more of the population get their first smartphones, they may not be very internet savvy are very tempting to bad actors.

In this article we just touched on 3 specific types of Malvertising scams that can cause significant harm to end users. But all forms of Malvertising are going to affect the online brand reputation of the publisher sites and ad networks serving the malicious ads. Because Malvertising compromises the end user’s experience, safety and welfare, it also threatens the integrity and reputation of all online businesses monetizing ads. Ultimately, using a robust solution such as AdSecure to monitor the full ad flow of a campaign will protect the end user and will be a major factor in ensuring an excellent reputation for online businesses. For further reading check out our full Violations Report 2022, and get a free 14 day trial of AdSecure to find out for yourself just how effective AdSecure can be.

Recommended Posts