When Ads Attack: Inside the Growing Malvertising Threat

Digital ads were meant to fuel the internet’s growth. Instead, they’ve become one of its biggest liabilities.

Cybercriminals have been using the ad ecosystem as a weapon, hiding in plain sight to reach victims at massive scale. Juniper researchers estimated that ad fraud alone drained nearly $84 billion from marketing teams in 2023—a glimpse at the staggering cost of trust turned toxic.

The stunning scope of this digital crime wave

Malvertising rides on trusted ad networks to reach huge audiences, turning well known sites into unwitting accomplices. In late 2024, ConnectWise researchers found a malvertising campaign impacting around a million devices. Users visiting illegal streaming sites were targeted with malicious ads that redirected them, unknowingly, to sites hosting malicious payloads.

Criminals have perfected their approach to weaponizing trusted platforms

The playbook keeps evolving. Threat actors have weaponized Google ads to redirect corporate employees to phishing websites for credential theft.

Then there is the fake captcha campaign discovered by Guardio researchers. Users thought they were proving they were human. Instead, they were pasting and running a PowerShell command that installed stealer malware aimed at social accounts, banking credentials, passwords, and personal files.

Another malvertising campaign in recent years was the SYS01 InfoStealer campaign that leveraged Meta’s ad platform to targeted users worldwide. The campaign involved ads for popular software (e.g., Adobe Photoshop, Canva, etc.) to trick users into downloaded a free version of the applications, which then installed malware on the system.

The Impact

Malvertising can let attackers steal money, credentials, and sensitive data. Threat actors can also damage brand reputations, conduct business email compromise (BEC) and potentially disrupt business operations.

Everyday users are not spared either. Malvertising campaigns can put these users at risk of social engineering attacks and identity theft.

Malvertising has evolved into a powerful weapon, exploiting trusted ad networks to spread malware and steal data. By blending into legitimate platforms, attackers can reach both businesses and everyday users at massive scale.

Leverage ad-blocking tools, VPNs for privacy, ensure systems are regularly patched, and use caution with search engine search results. A simple way for many people to check links for potential malicious activity is to paste them into VirusTotal for analysis.