Malvertising: What is it and how to avoid it


Malvertising can infect your computer with malicious software even when visiting legitimate sites. Here’s how.

You can face plenty of online threats when you surf the web. And those threats don’t hide solely on malicious websites. You could accidentally infect your computer with malicious software even when visiting the most legitimate of sites if you’re not careful. The reason? Malvertising.

What is malvertising?

Malvertising is often confused with adware. That's because both attacks rely on online advertising to do their damage.

The big difference, though, is that malvertising attacks come from ads on legitimate websites. Some past malicious advertising campaigns targeted the websites of such major companies as the London Stock Exchange, MSN, and Yahoo.

Adware, on the other hand, is malicious software that is already on your computer, software that you were probably tricked into installing when you were downloading something else.

How does malvertising work?

You can fall victim to malware either by clicking on an infected ad or even just by visiting a website that is home to a corrupted ad. This second type of malware attack, known as a drive-by download, is especially troubling. An infected ad only has to finish loading before it will harm your computer.

Cybercriminals can launch malvertising attacks by buying ad space from advertising networks and then submitting infected images with malicious code. Their hope is that legitimate sites will run these ads and that you will either click on them, believing them to be legitimate ads, or let them load and infect your computer that way, before the malicious ads are discovered and removed.

What are the risks of malvertising?

Malvertising campaigns and malicious ads can pose risks to your personal information. Here are the most worrisome risks:

Hackers might nab your financial information

Some malvertising is designed to trick you into giving up your personal information, especially your financial information. If hackers gain access to your bank account numbers or banking passwords, they could drain your accounts before you notice.

Thieves might run up your credit card debt

If hackers manage to steal your credit card information, they might use your cards to make purchases for themselves. You can dispute these charges, but you first have to notice them, and if you don’t check your credit card bills regularly, you might end up accidentally paying for purchases you haven’t actually made.

Your computer might get infected

Malvertising can also install viruses and other malicious software on your computer. You might not even know that this malware is there. But hackers might use it to track your keystrokes, steal your passwords or take over your computer.

Examples of malvertising

Malvertising comes in all shapes and sizes, but all forms can pose risks to your sensitive information. Here are some common malvertising examples.


Clicking on a malware ad will often redirect you to spoof sites that look legitimate but are actually set up for phishing attacks, in which criminals try to trick you into surrendering personal information such as your Social Security number, credit card numbers or bank account credentials. These sites are designed to look like legitimate sites, whether they are mimicking the webpages of banks, credit unions, or credit card providers.


The other main type of malvertising is more proactive and can quickly infect your computer. This version of malware populates legitimate sites — ones that you might visit every day — with infected banner or box ads. Clicking on such an ad could install spyware, viruses, trojans or other types of malware on your computer.

This type of malicious software can be especially dangerous because it often operates in the background, stealing your personal and financial information, tracking your keystrokes and monitoring your email messages without you ever noticing.

Sometimes you don’t have to click

You might think you’re safe from malvertising because you never click on online ads, including pop-ups. But here’s the scary part: Even if you vow to never click an ad, you’re not completely safe from malvertising.

That’s because the version of malware known as drive-by downloads can start infecting your computer with spyware or malware as soon as an infected page starts loading. You don’t have to click anything to start the process.

3 Ways to avoid malvertising

Avoiding malvertising takes vigilance, but it’s possible to defend against it. Here’s how:

Invest in an antivirus program

The best way to protect yourself against malvertising is to install and run a reputable antivirus program on your computer. And once you install antivirus software, make sure to promptly approve any updates.

Often, these updates are designed to protect your device against specific forms of malware, including malvertising. If you fall behind on updates, you could leave your computer vulnerable.

Turn on click-to-play for your browsers

All browsers allow you to select the "click-to-play" option. When you select it, all online content that requires plugins to play — such as Java, Adobe Reader, QuickTime or Flash — will be disabled unless you manually give your OK for the content to play.

If you want to help protect yourself from malvertising, be sure to enable the “click-to-play” selection in your browser's settings. This will protect you from drive-by download malvertising. How you access this option depends on your individual browser.

Install an ad blocker

You won’t accidentally click on a malicious online ad if that ad doesn’t show up on your screen. That’s the theory behind ad blockers. If you install one — some cost money, others are free — it will clear webpages of ads, which could help protect you against malvertising in the process.

Be aware, though, that not all ad blockers stop all ads. And some websites might not run properly if an ad blocker is turned on. Fortunately, you can tell ad blockers to allow online ads from certain sites.
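To make the ad blocker's behavior concrete, here is a small added example (not code from any real ad blocker) of the decision it makes for each request a page sends. The blocklist, the allowed-sites list, the function names and every hostname are constructed for illustration.

```javascript
// Added illustration: all hostnames below are constructed (.example is reserved).
const AD_HOST_BLOCKLIST = ["ads.adnetwork.example", "cdn.banners.example"];
const USER_ALLOWED_SITES = ["news.example"]; // sites where the user chose to allow ads

// True if host is the listed domain or one of its subdomains.
// The leading dot stops "notads.adnetwork.example" matching "ads.adnetwork.example".
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function onList(host, list) {
  return list.some((domain) => hostMatches(host, domain));
}

// Decide whether a request made while loading pageUrl should be fetched.
function decide(pageUrl, requestUrl) {
  let page, req;
  try {
    page = new URL(pageUrl);
    req = new URL(requestUrl, pageUrl); // resolves relative URLs against the page
  } catch {
    return { action: "block", reason: "malformed URL" };
  }
  if (onList(page.hostname, USER_ALLOWED_SITES)) {
    return { action: "allow", reason: "site allowed by user" };
  }
  if (onList(req.hostname, AD_HOST_BLOCKLIST)) {
    return { action: "block", reason: "ad host on blocklist" };
  }
  return { action: "allow", reason: "host not on blocklist" };
}

// Return only the requests that would still load on the page.
function loadedRequests(pageUrl, requestUrls) {
  return requestUrls.filter((u) => decide(pageUrl, u).action === "allow");
}

const SAMPLE_REQUESTS = [
  "/app.js",
  "https://ads.adnetwork.example/banner.js",
  "https://img.cdn.banners.example/box.png",
  "https://new-ads.example/tag.js", // ad host the list does not know about yet
];
console.log(loadedRequests("https://shop.example/", SAMPLE_REQUESTS));
console.log(loadedRequests("https://news.example/story", SAMPLE_REQUESTS));
```

The last sample request loads on every site because its host is not on the list, which is why a blocker is only as good as its list. Allowing ads on a site also re-admits every ad host for that site.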


Dan Rafter is a freelance writer who covers tech, finance, and real estate. His work has appeared in the Washington Post, Chicago Tribune, and Fox Business.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

