Malvertising is a portmanteau (“malicious” + “advertising”), and is when criminals use online ads to spread malware. Essentially, criminals insert malicious ads into websites and legitimate internet advertising networks. Plenty of large, popular websites use third-party vendors or ad server software to generate revenue. Unfortunately, there’s no strict vetting process in place, so cybercriminals often just need to sign up to start submitting ads to a vendor’s network. First, they submit clean advertisements for a few weeks to gain legitimacy and circulation; after that, they start switching legitimate ads out for malicious ones. The booby-trapped ads are usually only active for a few hours, making them even harder to detect or block.
Now you’re thinking, “But they can’t get me if I don’t click the ad, right?” Unfortunately, malware attacks can happen pre- and post-click. Drive-by downloads and malware that is embedded in the page code of a website don’t wait around for a user to click on them. That’s why it’s particularly important that you use ad-blockers and security software that has proven web threat protection.
Read more about Malvertising: