Malvertising (short for “malicious advertising”) refers to the deliberate misuse of online advertisements to spread malware. The ads look harmless at first glance and often appear on reputable websites, yet they carry hidden malicious code or redirect visitors to it.
In malvertising, cybercriminals place manipulated advertisements through common advertising networks. These ads are then displayed on many different websites, often without the site operators' knowledge. The malicious function can be activated by a click, or it can trigger automatically as soon as the ad is rendered, provided the visitor's browser, a plugin or the operating system has an unpatched security vulnerability (a drive-by attack).
Potential impacts include:
Infection with malware (e.g. through drive-by downloads)
Redirecting to fraudulent or fake websites
Presentation of manipulated alerts (“Your device is infected”)
Harvesting login credentials
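The mechanism above (an ad served through an ad network on a legitimate page, a redirect chain, and finally a drive-by download) leaves a recognisable trail in web proxy logs: a download whose Referer chain leads back through an ad-serving host to the publisher page the user actually opened. The following Python script is an added example, not part of the original page; it reconstructs such chains from constructed sample log lines. The log format (timestamp, client, URL, Referer, Content-Type), the host names and the list of ad-serving hosts are all assumptions made for the illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log lines (not real traffic). Fields, space-separated:
# timestamp, client IP, requested URL, Referer header ("-" if none), response Content-Type.
# Client 10.0.0.21 reads a news article, the ad slot redirects via a tracker to an .exe.
# Client 10.0.0.33 sees the same ad slot but nothing further happens.
# Client 10.0.0.44 downloads an .exe directly from a vendor site (no ad involved).
SAMPLE_LOG = """\
2024-03-05T09:12:01 10.0.0.21 https://news.example/article/42 - text/html
2024-03-05T09:12:02 10.0.0.21 https://ads.adnet.example/serve?slot=top https://news.example/article/42 text/html
2024-03-05T09:12:03 10.0.0.21 https://cdn.adnet.example/creative.js https://ads.adnet.example/serve?slot=top application/javascript
2024-03-05T09:12:04 10.0.0.21 https://track.redir.example/go?id=7 https://ads.adnet.example/serve?slot=top text/html
2024-03-05T09:12:05 10.0.0.21 https://secure-update.example/flash_update.exe https://track.redir.example/go?id=7 application/x-msdownload
2024-03-05T09:15:10 10.0.0.33 https://blog.example/post/1 - text/html
2024-03-05T09:15:11 10.0.0.33 https://ads.adnet.example/serve?slot=side https://blog.example/post/1 text/html
2024-03-05T09:15:12 10.0.0.33 https://cdn.adnet.example/creative.js https://ads.adnet.example/serve?slot=side application/javascript
2024-03-05T09:20:00 10.0.0.44 https://vendor.example/download/tool.exe https://vendor.example/downloads application/x-msdownload
"""

# Hypothetical set of ad-serving hosts. In practice this comes from your own
# traffic inventory or from a public ad filter list.
AD_HOSTS = {"ads.adnet.example", "cdn.adnet.example"}

# Content types the browser hands to the operating system as a file.
DOWNLOAD_TYPES = {"application/x-msdownload", "application/octet-stream", "application/zip"}

# Referer links older than this are not considered part of the same chain.
WINDOW = timedelta(seconds=30)


def parse_line(line):
    ts, client, url, referer, ctype = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts), "client": client, "url": url,
            "referer": None if referer == "-" else referer, "ctype": ctype}


def host(url):
    return urlparse(url).hostname or ""


def build_chain(rec, by_url, max_depth=10):
    """Follow Referer headers backwards from one request to the page the user opened.
    Returns the URLs in chronological order (publisher page first)."""
    chain = [rec["url"]]
    current = rec
    for _ in range(max_depth):
        ref = current["referer"]
        if ref is None:
            break
        parent = by_url.get((current["client"], ref))
        if parent is None or rec["ts"] - parent["ts"] > WINDOW:
            break
        chain.append(ref)
        current = parent
    chain.reverse()
    return chain


def find_malvertising_chains(log_text):
    """Flag downloads whose referer chain passes through an ad host and ends on a
    host that is neither the ad network nor the publisher the user visited."""
    records = [parse_line(l) for l in log_text.strip().splitlines()]
    by_url = {}
    for r in records:
        by_url.setdefault((r["client"], r["url"]), r)  # keep the earliest request per URL
    findings = []
    for r in records:
        if r["ctype"] not in DOWNLOAD_TYPES:
            continue
        chain = build_chain(r, by_url)
        hosts = [host(u) for u in chain]
        download_host = host(r["url"])
        if (any(h in AD_HOSTS for h in hosts)
                and download_host not in AD_HOSTS
                and download_host != hosts[0]):
            findings.append({"client": r["client"], "publisher": hosts[0],
                             "download": r["url"], "chain": hosts})
    return findings


if __name__ == "__main__":
    for f in find_malvertising_chains(SAMPLE_LOG):
        print(f"{f['client']}: {' -> '.join(f['chain'])}")
```

The direct vendor download is not flagged because no ad host appears in its chain, and the second client's ad impression is not flagged because it never led to a download. Real logs will be noisier (missing Referer headers, HTTPS without path information), so the same idea is usually applied to the hosts a client contacted within a short window rather than to exact URLs.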
Malvertising can be encountered in many places in everyday office life, especially wherever employees browse the Internet:
On news portals, specialist websites or blogs that integrate advertisements
When using ad-funded online tools or services
In search results that show purchased ads
In free applications funded by embedded advertising
The risk of accidentally encountering harmful content is particularly high in SMEs, where private and work-related Internet use are sometimes mixed.
To reduce the risk of malvertising, companies and employees should implement the following measures:
Update software regularly (operating system, browser, plugins)
Use an ad blocker in the browser; it cuts off the usual delivery channel for malicious ads, though it is no substitute for patching, since not every ad network is covered by the block lists
Use only official and trustworthy sources for software and downloads
Use antivirus and security software that scans websites and downloads
Raise employee awareness of cyber risks and fraudulent online advertising
Avoid suspicious websites, especially those with unusually cheap offers or eye-catching advertising messages