Malvertising is an attack technique in which malicious advertisements are used to spread malware and compromise systems, with attackers paying legitimate advertising networks to display these advertisements on various websites.

Malvertising threatens digital publishers, platforms, and network monetization partners by interfering with user engagement and leading to poor KPIs. Thankfully, there are ways you can combat this threat and protect your business.

Inline Frames

Malvertising is a form of malicious software which exploits clickjacking techniques to redirect victims to malware-laden websites, typically via exploiting iframes, JavaScript source properties ('src') properties embedded into HTML code or advertisements themselves.

Iframes (inline frames) effectively embed external websites' content directly within HTML documents, including advertisements, embedded videos, web analytics data and interactive features. They're commonly used for displaying advertisements or hosting interactive media like videos.


All major browsers, except Netscape Navigator 6, support inline frames. Similar to inline images, inline frames allow users to interact with and see different document parts as they scroll.

Framesets pose specific accessibility concerns; since they form part of one document, they're easier for screen readers to navigate than framesets.

To add an iframe to a document, add an iframe> tag within its body. An iframe should have a title attribute that helps screen readers recognize its purpose.

Controlling the placement of inline frames can also be accomplished using their align attribute, similar to table> tags. This value determines where an inline frame will appear within adjacent text or move towards the edge of the document allowing subsequent text to flow around it.

SCROLLING, an attribute for inline frames, specifies if and when scrollbars should appear. Auto is the default value; yes always generates them.

Malvertising attacks that use an iframe to redirect victims to malicious websites that install spyware and malware typically combine a WebKit browser flaw with key-down event hijacking iframes that allow malicious actors to direct victims without their knowledge or consent.

Inline frames must be unique and titled to prevent malvertising so users can determine whether they want to read or interact with the content. Furthermore, labels should also indicate they're not intended for personal consumption by readers.


Popup advertisements appear as small windows on your browser screen and may be useful, such as when banks display monthly statements in this way or websites ask users to enter coupon codes for discounts. Malvertising is another online activity which uses popups to promote harmful content and services that may contain malware.

While legitimate popups tend to be harmless and easily closed by clicking either "OK" or "Cancel", malicious popups may install malware and other programs onto your computer without your knowledge, including Malvertising attacks which use phishing tactics and social engineering tactics in an attempt to coax you into purchasing unwanted programs or services at great expense.

Malvertising techniques often involve showing an unexpected popup on the homepage of a legitimate website and redirecting the user to an untrustworthy one that solicits personal data or downloads malware onto your system. This method, known as clickjacking, may allow hackers to obtain your passwords or login details, distribute malware onto your system or even take control of your PC.

Malvertising campaigns often use popups on mobile devices as another strategy, though this approach may be particularly risky given their limited-screen real estate. Still, popups can be an effective way to reach users with messages.

Popups typically appear after time has elapsed or after scrolling past a certain percentage of a page. While they're an effective way to engage new visitors and familiarize them with your site, they may also become distracting or annoying for existing users.

Marketers use page views to increase conversions; Olyplant, an e-commerce company in the UK, increased its page views by 157% using this technique.

Overlay modals are another popular popup campaign. They are ideal for brands that provide immediate rewards or incentives in exchange for users providing their data, such as a game where users can compete to win prizes (like scratch-off tickets) or discounts on products they're interested in purchasing.

Ad Networks

Ad networks connect advertisers with apps and websites looking to sell ads at rates much lower than what publishers could get selling the space themselves. Ad networks offer different delivery models, including CPM (cost-per-mille), cost-per-click and cost-per-action.

Ad networks often provide complex services beyond ad placement, including remarketing and popup ads. Furthermore, these networks allow advertisers to choose which audiences and traffic they want their ads shown to.

Ad networks offer many benefits; however, attackers may use them to spread malicious ads. A cyberattack targeting ad networks and websites that display advertisements could then embed malware-ridden advertisements within these networks and websites' advertisements.

Malvertising is an emerging cyberattack trend that leverages the complex nature of the digital advertising ecosystem, making it hard for publishers to test ads for malware or block them outright. This allows cybercriminals to distribute malicious advertisements rapidly across many websites.

Due to this challenge, publishers often struggle to detect and block malicious ads, damaging their reputation and leading to users distancing themselves from their sites. Ad blockers and antivirus software provide critical protection from these threats.

Publishers need to understand how ad networks operate to protect their user's data more effectively and avoid becoming victims of fraudulent advertising practices.

A quality ad network will strive to locate quality sites where their clients' ads can be placed and then review its content to ensure it suits the advertised product or service.

An ad network may also organize sites into verticals such as automotive or travel and sell audience segments based on behaviour, interest and demographic data from publishers. Some ad networks utilize artificial intelligence technology to identify relevant ads for specific website content or audience interests.

Ad networks have become an important way for advertisers to purchase digital ad inventory, so it is incumbent upon them to be transparent regarding pricing and targeting technologies and quickly detect and respond to malware incidents.

Social Engineering

Social engineering is a form of psychological manipulation cyber criminals use to obtain confidential data and gain entry into systems. Social engineers may also employ this tactic to convince employees to install malware or visit potentially risky links that lead to attacks against data security.

Social engineering attacks tend to target sensitive information such as passwords and credit card numbers to access funds or gain entry to important systems.

Though this type of fraud is pervasive, it can still be prevented with effective security measures like dual-factor authentication and regularly changing passwords. Companies should also educate employees about cyber security so they can spot suspicious activities to safeguard company data.

Employees should also be made aware of the different forms of social engineering attacks that could take place within their organizations and how these can be avoided - this includes email phishing scams and USB baiting attempts, among many others.

It involves:

  • Sending out malicious emails with embedded links to malicious websites that contain exploit code.
  • Potentially downloading and installing on victims' computers and phones and stealing sensitive data.
  • Even taking control of devices altogether.

Spear phishing is another well-known social engineering attack type in which attacks are carried out against specific individuals or groups. An attacker might pose as an employee from a company and attempt to convince the recipient to disclose sensitive data.

One such tactic involves sending out phishing emails purporting to come from a legitimate law firm, purporting to be court notices that require employees of an organization to appear for legal proceedings. When victims click on these links, malicious websites download malware onto their computers, which can then be used to steal sensitive data or spread throughout an organization's network.

Pretexting is an advanced social engineering tactic wherein threat actors craft fictional scenarios to increase legitimacy in the victim's eyes and increase trust, leading them to divulge more information they wouldn't otherwise. This technique increases the chances that information would otherwise remain hidden.

Malicious Code

Discover End-to-End Zero Trust Security
Discover Now
Xcitium Client Security - Device
Endpoint Protection + Endpoint Detection & Response

Gain full context of an attack to connect the dots on how hackers are attempting to breach your network with ZeroDwell Containment, EPP, and Next-Gen EDR.

Xcitium MDR - Device
Xcitium Managed SOC - Device
Managed EDR - Detection & Response

We continuously monitor endpoint device activities and policy violations, and provide threat hunting and SOC Services, with 24/7 eyes on glass threat management. Managed SOC services for MSPs and MSSPs.

Xcitium MDR - Network | Cloud
Xcitium Managed SOC - Network | Cloud
Managed Extended Detection & Response

Outsourced Zero Trust managed - security with options for protecting endpoints clouds and/or networks, as well as threat hunting, SOC Services, with 24/7 expert eyes on glass threat management.

Xcitium CNAPP - Cloud Workload Protection

Xcitium's Cloud Native Application Protection Platform (CNAPP) provides automated Zero Trust cloud security for cloud-based applications and cloud workloads, including infrastructure DevOps from code to runtime.

Move Away From Detection With Patented Threat Prevention Built For Today's Challenges.

No one can stop zero-day malware from entering your network, but Xcitium can prevent if from causing any damage. Zero infection. Zero damage.

Book A Demo
EDR - Dot Pattern