How to avoid malvertising

Hand increasing the protection level by turning a knob
(Image credit: Shutterstock)

You’ve probably heard of malware, and you’ve definitely heard of advertising, but a new threat has emerged after those two worlds have collided. It’s called “malvertising”, and it’s worth avoiding.

Malvertising can hack, infiltrate, and exploit your PC, laptop or smartphone without you even knowing it’s there. That’s because it reaches your devices through adverts you might click rather than more conventional methods like phishing emails, brute force attacks or viruses.

It’s a dangerous and murky business, especially because media outlets, advertising networks and users simply aren’t yet familiar with malvertising. But if you’d like to learn more about this new threat – and find out how to avoid getting caught– just read our guide.

The internet is crammed with security threats, so we’ve got more guidance elsewhere, too. We’ve gone in-depth on choosing the right antivirus for your business and unveiled the top breaches and cyber attacks of 2022 – so you know what to avoid in 2023.

What is malvertising?

You won’t necessarily know that you’ve been hit by a malvertising attack – at least initially – because this method disguises malware in the kinds of adverts we all see all over the internet.

Malvertising – a portmanteau of “malicious advertising” – hides dodgy code inside normal-looking adverts. Hackers buy advertising space using legitimate networks, upload adverts with malware, and then hope those adverts run on respected websites.

If the attack works, you’ll end up with malware, spyware, viruses or ransomware installed on your device, leaving yourself open to identity theft, fraud and financial problems.

These dodgy adverts can appear anywhere on the web. You don’t necessarily have to even click on an advert to get hit by malvertising – some of them start to attack your device when you browse a site that hosts an infected ad.

Plenty of huge companies have fallen victim to this kind of attack, so don’t feel bad if you do become a victim. In the past, malvertising has hit the London Stock Exchange, the Los Angeles Times and eBay.

There are lots of different types of malvertising. Some simply download dodgy files to your PC as soon as the advert and its host website have loaded. Others hide malicious code inside individual pixels inside images – and no one can notice the malware until it’s too late because you’ve already clicked.

Other adverts trick users into thinking they’ve got computer issues by using realistic-looking error messages. Others tout false updates, surveys and prizes that can easily dupe an unsuspecting user. You’ll even find schemes that take control of your browser window, directing it to dodgy sites that deploy more sophisticated hacking methods.

Whether it’s a scam, a fake error message, hidden code or malware that automatically launches from an advert, it’s a surefire way for hackers to crack your PC open – and, therefore, get access to your financial information, email accounts and sensitive data.

You may have heard of adware, which is another advert-based infiltration method, but malvertising is different. While adware works by infecting your device and then displaying adverts and messages, malvertising goes the other way and displays adverts first to get inside your system.

How to avoid malvertising

There are loads of different malvertising methods around, but they all concentrate on getting access to your devices, data, bank accounts and personal information – and that’s something that we all want to avoid.

Happily, some easy and effective methods can drastically reduce your chances of being hit by a malvertising attack.

Your first line of defense should be a top-notch antivirus package. If you install a great security suite and ensure it’s always updated and active, you’ll benefit from a huge database that spots and eliminates malvertising and other security vulnerabilities before you’re hit with issues. If you’re not sure which antivirus is right for you, head over to our round-up of the best antivirus software.

You can do other things once you’ve installed a top-tier security package, too. Make sure that you’ve turned off the auto-play options in your browser – deactivate those, and you’ll have to give permission for your browser to play videos, open windows and activate plugins. That’s an easy way to avoid anything you don’t trust.

When those auto-playing items are often the source for malvertising attacks, turning them off is a no-brainer if you want to stay secure.

Get an ad-blocker installed, too. These browser plugins prevent adverts from loading and running on sites across the web. They don’t stop absolutely everything, but they stand in the way of most ads – so it’s a great way to reduce your chances of getting hit by malvertising.

Elsewhere, be careful about what plugins you install on your browser and what apps you install on your PC – make sure you only get them from trusted sources. Install software from sites you don’t recognize and you’re only going to open yourself up to malware issues.

Once you’ve got trusted apps and plugins installed, make sure you keep them up to date so that any security holes are plugged before they can be exploited. Similarly, ensure that you download the latest updates for your operating system for the same reason.

Do all of this and you’ll reduce the number of adverts you see and the chances of getting hit by malvertising, but it’s impossible to eliminate every threat. Because of that, we also advise anyone browsing the web to be suspicious and skeptical about what you see online – if an advert is too good to be true, then it probably is.

Don’t stop there, either. If you’ve got friends or family members who aren’t particularly tech-savvy, then set them up with security software and an ad-blocking tool. Warn them about the dangers of malvertising, and tell them to avoid clicking on pop-ups and adverts when possible.

Instead, if you see an advert with a tempting product or service, use a search engine to navigate to its website directly. Head down that route and you’ll find out if it’s legitimate – and you’ll avoid clicking on the advert and opening yourself up to exploitation.

We've listed the best internet security suites.

Mike has worked as a technology journalist for more than a decade and has written for most of the UK’s big technology titles alongside numerous global outlets. He loves PCs, laptops and any new hardware, and covers everything from the latest business trends to high-end gaming gear.