Science & Technology

Malvertising Trends

What methods are malvertisers using in today’s ad ecosystem?

While digital advertising has vital monetizing potential, it also poses a risk to privacy, security, and user experience through the threat of malvertising. Is malvertising inevitable? It doesn’t have to be. What are recent malvertising trends, and how can publishers steer clear of the threat they pose?

Cloaked attacks

Cloaking allows malvertisers to conceal malicious URLs directly within legitimate code. It presents a harmless path right alongside a malicious one, allowing malvertisers to get around automated and manual ad quality control. Cloaked attacks have become increasingly sophisticated, appearing harmless to scanning technology while harming users under the surface.

Cloaking lets malvertisers maintain their deception until the final moment when malicious page content suddenly loads. This switch happens so quickly that it is impossible to detect earlier unless publishers have an aggressive, real-time solution in place that makes them stealthier than the malvertisers.

Device Fingerprinting

Device fingerprinting is utilized legitimately by publishers to create a more customized experience for users. Fingerprinting involves collecting data such as a user’s IP address, operating system, language setting, and web browser. It allows publishers to gain insight that will let them serve targeted, relevant ads.

Malvertisers subvert device fingerprinting to seek out their victims based on these same data points. Fingerprinting technology gives them greater precision with which to carry out a cyberattack. Users are far more likely to be ensnared in attacks when the malicious content is presented in a seamless, familiar manner based on parameters specific to them.

Device fingerprinting attacks usually have a secondary attack waiting to catch users if the primary attack fails to do so. These cyberattacks are sophisticated, malicious, and highly prevalent.


Clickbait entices readers to click on content that has a sensational headline or hook. The offensive or deceptive creative it serves has infiltrated the entire ad ecosystem, promising prizes or juicy information. Malicious actors prompt users for personal information or request access to their social media accounts, often leading down a harmful path.

Clicking on these bad links seems as though it will lead users to information or a website they want to access. Instead, clickbait reroutes them to viruses, ransomware, malware, Trojan horses, or other malicious content.

When users share personal details in order to access information on these questionable sites, it can lead to fraud and identity theft. The malware delivered by clickbait can wreak havoc on user devices, redirecting them to malicious sites at will or even taking over their devices.


Typically, ad partners cannot access one another’s site cookies because they are domain-specific. Cookie syncing makes sharing cookies possible, which is useful for advertisers. Cookie-syncing’s legitimate use is to improve customization in advertising. It allows industry partners to share data across platforms and advertisers.

Malvertisers are all too eager to use the same technique to access user devices for ill-gotten gains. Cookie-syncing attacks evade a publisher’s ad server, making them particularly difficult to detect and block. This is yet another way in which malvertisers undermine legitimate methods for subversive purposes.

Staying Vigilant

The tactics outlined above make it clear that malvertising attacks are increasing in frequency and intensity. Most attackers use a combination of these methods to carry out their underhanded plans. It’s vital for publishers to understand what they are up against in order to stay ahead of bad actors. A comprehensive, real-time solution is a must to ensure user security and preserve publisher reputation.


Back to top button