Malvertising involves spreading malicious software through fake ads displayed on the websites you visit. What actually happens, and how can you protect yourself?

Watch out for malvertising or fake ads

Cybercriminals are getting smarter all the time, inventing new ways to perpetrate their frauds. The latest method of attack is 'malvertising': criminals use online ads with malicious content to spread malware or infect systems.

An example: in the past, when you visited a popular website such as, you would suddenly see an advertisement for a well-known telecom operator, wrapped in a pop-up. If you clicked on the pop-up, you were taken to a perfectly imitated website of that operator, where you were then asked to fill in your user data under the guise of a survey.

However, the operator in question had nothing to do with these ads - they had been distributed by cybercriminals through an ad network. The ads contained the operator's logo and corporate identity, perfectly imitated, to fool you more easily.

The websites where the ads appeared were also unaware. Like so many other websites, they work with an ad network. In doing so, they make certain spaces on their website available to that network. If you visit the website, the network will automatically display an ad from a series it has in its portfolio, adapted to your profile.

How does malvertising work?

Malvertising is used to spread malware, or capture personal data. In the recent wave of malvertising, where the name and logo of operator Telenet were misused, the latter was the case. Much more often, however, malvertising is used to spread real malware.

This is how it happens: the cybercriminals hide a piece of code in an ad that looks harmless, often via an iFrame, an invisible frame or box that secretly takes you to other pages. If you click on such an ad, you are taken to a server owned by the criminals.

Often an 'exploit kit' is then implemented. This is malware that will evaluate your computer, checking for weaknesses in your operating system or programmes. And then that weakness is exploited to install malware on your computer, steal financial or other sensitive information on your system, or encrypt your computer (ransomware).

Or your computer is deployed as 'zombie-computer' in a "botnet" - large numbers of compromised machines used by cybercriminals in large-scale DDoS attacks. These bombard known websites with fake requests to serve web pages - so many requests that legitimate traffic drowns in them, so the website becomes inaccessible and the server may even crash.

All this happens silently in the background, without you noticing or having to do anything.

Why is malvertising so persistant?

As you could read above, most (large) websites today work with an ad network, which places the ads.

In fact, they are often global networks working with huge numbers of websites, advertisers and ads.

It is therefore very difficult for ad networks to thoroughly analyse each ad before it is included in the network. They usually only respond when a complaint is made against an ad from a particular group or company. Only then is the ad or advertiser vetted.

The extensive automation of ads such as real time bidding has another side effect: it is very difficult for cybersecurity experts to determine which ads contain malware. Because the networks constantly place different ads, personalised per visitor. When two visitors visit the same website, one may be infected, and the other not

Watch out for online fraud