You're reading a news article. Maybe it's about the weather, maybe the local hockey scores, maybe some politician saying something predictable about the economy. The page loads. A banner ad appears in the sidebar. You don't click it. You don't even look at it. And your computer is already infected.
That isn't science fiction. It isn't a worst-case scenario cooked up by some paranoid IT consultant. It is a documented, repeatable, industrial-scale attack method that has been active since 2007 and remains operational today. It has a name that sounds almost quaint, like something from a marketing textbook. Malvertising. The injection of malicious code into legitimate online advertising systems.
What makes it different from every other cyber threat you've been warned about is this: you don't have to do anything wrong. You don't click a suspicious link. You don't open a dodgy attachment. You visit a real website, run by a real company, and the advertising infrastructure delivers the poison directly to your browser. The website owner doesn't know. The advertising network doesn't know. And by the time anyone figures it out, the damage is done.
CISA, the United States' top cybersecurity agency, put it plainly enough: malvertising "can compromise a network even if you do not click on an ad." That single sentence should rearrange how you think about browsing the internet. But to understand why this works, you need to understand the machine it rides on. And that machine, it turns out, was built to move faster than anyone could watch.
The Invisible Auction That Runs the Internet
Here is something most people have never thought about, probably because it happens too fast to think about. Every time you load a webpage with advertising, an auction takes place. Not a slow one with numbered paddles and a guy in a suit. A real-time bidding auction that starts when your browser sends a request and finishes before the page finishes rendering. We're talking milliseconds. Faster than a blink.
The system works like this. Publishers—the websites you visit—make their ad space available through supply-side platforms. Advertisers bid on that space through demand-side platforms. Between them sit ad exchanges, which broker the transaction. By 2021, roughly 90 percent of all digital display advertising moved through this automated pipeline. Approximately $651 billion worth of global ad spending flows through a system where no human being reviews individual ads before they appear on your screen. Nobody can. The volume is too high and the speed is too fast.
This is where attackers enter the picture. They register with an advertising platform, sometimes using stolen identities, sometimes using fake companies built from scratch. Some platforms, according to industry documentation, don't verify business addresses and require nothing beyond a credit card. The attacker submits a clean, harmless advertisement for review. It passes. Then, after approval, the creative is swapped. The clean ad is replaced with one carrying malicious code. Or the ad itself is clean but redirects through a chain of servers that ultimately delivers a payload. The swap happens after the vetting, and the system wasn't built to check twice.
A 2020 audit by PricewaterhouseCoopers found that 15 percent of advertiser spending in the programmatic supply chain could not be attributed to any identifiable party: one-third of supply chain costs, vanishing into opacity. Publishers routinely connect with fifty or more supply-side platforms, each connected to ten or fifteen demand-side platforms, each connected to millions of advertisers. That's not a pipeline. That's a labyrinth. And somewhere inside it, someone is placing booby traps.
Drive-By Downloads and the Era of No-Click Infection
The earliest malvertising attacks, appearing around late 2007, were crude by today's standards. Fake antivirus alerts, pop-up windows, redirect chains that bounced users through a series of sketchy domains before landing on a page demanding payment. Annoying, certainly. But they required the victim to interact. Click something. Install something. The attacker needed cooperation.
That changed with drive-by downloads. The concept is exactly what it sounds like—malware that installs itself on your machine without any action on your part. You drive by. It jumps in. The mechanism relied on vulnerabilities in browser plugins, particularly Adobe Flash, Oracle Java, and Microsoft Silverlight. These plugins ran code automatically when a page loaded, and if they contained unpatched security flaws, an attacker could exploit those flaws through code embedded in an advertisement. Your browser loaded the ad. The ad probed your plugins. If it found a hole, in went the malware.
This is where exploit kits entered the story, and they changed everything. An exploit kit is a pre-packaged toolkit designed to automatically scan a visitor's browser, identify vulnerabilities, and deliver the appropriate payload. Think of it as a vending machine for infections. The attacker doesn't need to know what software you're running. The kit figures it out.
The most dominant kit, active from roughly 2013 to mid-2016, was responsible for an estimated 40 percent of all exploit kit infections at its peak. It generated approximately $34 million in annual revenue. It could detect antivirus software, virtual machines, and research environments, then refuse to execute if it suspected it was being watched. It exploited zero-day vulnerabilities—flaws that the software manufacturers didn't even know existed yet. When security researchers studied it in sandboxed environments, it recognised the sandbox and played dead. Clever. Horribly, impressively clever.
After that kit's operators were arrested in mid-2016, others filled the vacuum within weeks. One successor accounted for roughly 75 percent of observed exploit kit traffic by the summer of that year. Another, still operational today, uses a three-pronged strategy combining Flash, JavaScript, and VBScript obfuscation. Yet another focuses on the Asia-Pacific region and delivers payloads that never touch the victim's hard drive at all, existing entirely in memory. Truly fileless. Nothing for your antivirus to scan.
And none of this required anyone to click anything. You visited a webpage. The ad loaded. The exploit kit ran. You were infected. The whole process, from page load to compromised machine, could take less than a second.
Poison Hidden in the Pixels
If the exploit kits were the bullets, steganography was the silencer. The word comes from the Greek for "covered writing," and in the context of malvertising, it refers to hiding malicious code inside image files. Not attached to them. Not alongside them. Inside the image data itself.
The technique that made researchers sit up straight worked like this. Attackers created PNG banner advertisements—the kind of images you see on every website. Inside the alpha channel of the PNG, which controls transparency values, they encoded JavaScript. Two consecutive alpha values, when combined through a specific mathematical operation, produced a single character of code. The values were subtracted from 255 with an offset of 32, which kept the visual changes to the image essentially invisible to the human eye. PNG was chosen over JPEG specifically because PNG uses lossless compression. JPEG would have destroyed the hidden data.
When a browser loaded this image, the embedded script extracted itself and checked whether the machine was being monitored by security software. If the coast looked clear, it redirected the victim's browser to an exploit kit through a URL shortener. If it detected a security tool watching, it did nothing. Sat there looking like any other banner ad. The websites hosting these advertisements had millions of daily visitors across the Netherlands, Czech Republic, Canada, the United Kingdom, and Australia. Readers of perfectly legitimate news sites, infected through an ad image they never even noticed.
That was 2016. The technique evolved. Later operations used JPEG files instead of PNG, hiding code that was decoded using the browser's own HTML5 Canvas API. One campaign targeting Mac users hid JavaScript inside JPEG data and used Google's own Firebase platform as the delivery mechanism. A different method, documented in 2019, went even further. Rather than hiding code inside an image that required a separate extraction script, attackers created files that were simultaneously valid images and valid JavaScript. Called polyglot files, these exploited the BMP image format by manipulating file-size header bytes so they doubled as JavaScript comment openers. Load the file as an image tag, it displays normally. Load it as a script tag, the browser executes the embedded code. Redirecting victims to cryptomining operations and remote access trojans through Amazon's CloudFront content delivery network.
Can this still be done? Partially. The death of Adobe Flash and the hardening of browser plugin architectures have eliminated the silent drive-by download vector for most users. But steganography itself remains viable. As long as advertisements contain images, and images contain data, the hiding places exist.
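Both the alpha-channel trick and the BMP/JavaScript polyglot described above leave traces a creative scanner can look for before an ad is approved. What follows is an added example written for this article, not code from the page or from any vendor or researcher it mentions: a stdlib-only reader that pulls the alpha channel out of a PNG, a heuristic that flags near-opaque pixels jittered across a narrow band below 255 (the band width of 32 mirrors the offset the text describes), and a check for a BMP whose size bytes read "/*". The threshold values and the three constructed test creatives are assumptions.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(tag, data):
    body = tag + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)

def make_rgba_png(width, height, pixels):
    """Write an 8-bit RGBA PNG (filter type 0 on every row) from a flat list of (r, g, b, a) tuples.
    Used only to build the constructed test creatives below."""
    rows = b"".join(
        b"\x00" + bytes(c for px in pixels[y * width:(y + 1) * width] for c in px)
        for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")

def _paeth(a, b, c):
    p = a + b - c
    pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
    return a if pa <= pb and pa <= pc else (b if pb <= pc else c)

def png_alpha_values(data):
    """Return the alpha byte of every pixel of an 8-bit non-interlaced RGBA PNG, undoing the row filters."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, idat, width, height = len(PNG_SIG), b"", 0, 0
    while pos + 8 <= len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if tag == b"IHDR":
            width, height, depth, ctype, _, _, interlace = struct.unpack(">IIBBBBB", body)
            if (depth, ctype, interlace) != (8, 6, 0):
                raise ValueError("only 8-bit non-interlaced RGBA PNGs are handled here")
        elif tag == b"IDAT":
            idat += body
        pos += 12 + length  # length + tag + data + crc
    raw = zlib.decompress(idat)
    stride, bpp = width * 4, 4
    prev, alphas = bytearray(stride), []
    for y in range(height):
        off = y * (stride + 1)
        ftype, line = raw[off], bytearray(raw[off + 1:off + 1 + stride])
        for i in range(stride):
            a = line[i - bpp] if i >= bpp else 0   # byte to the left (already reconstructed)
            b = prev[i]                            # byte above
            c = prev[i - bpp] if i >= bpp else 0   # byte above-left
            # PNG filter types 0..4: None, Sub, Up, Average, Paeth
            pred = (0, a, b, (a + b) // 2, _paeth(a, b, c))[ftype]
            line[i] = (line[i] + pred) & 0xFF
        alphas.extend(line[3::4])  # every fourth byte, starting at offset 3, is an alpha value
        prev = line
    return alphas

def alpha_channel_looks_encoded(alphas, band=32, min_fraction=0.3, min_distinct=16):
    """Flag creatives whose pixels are mostly near-opaque but jittered across a narrow band below 255.
    Thresholds are assumptions for this example, not values from any published detector."""
    near = [a for a in alphas if 255 - band <= a < 255]
    if not alphas or len(near) / len(alphas) < min_fraction:
        return False
    return len(set(near)) >= min_distinct

def bmp_is_js_polyglot(data):
    """BMP whose 'file size' header bytes (offsets 2-3) read '/*': a JavaScript comment opener if run as a script."""
    return data[:2] == b"BM" and data[2:4] == b"/*"

def demo():
    """Three constructed 16x16 creatives: flat opaque, soft-edged, and alpha-jittered."""
    w, h = 16, 16
    flat = [(200, 30, 30, 255)] * (w * h)
    edged = [(200, 30, 30, 255 if i % w < 12 else (i % w - 12) * 60) for i in range(w * h)]
    jitter = [(200, 30, 30, 223 + (i * 7) % 32) for i in range(w * h)]  # 32 distinct values in 223..254
    return {name: alpha_channel_looks_encoded(png_alpha_values(make_rgba_png(w, h, px)))
            for name, px in (("flat", flat), ("edged", edged), ("jitter", jitter))}
```

Only 8-bit non-interlaced RGBA PNGs are parsed here; real creatives from the ad pipeline would usually be decoded with an image library first and only the alpha heuristic applied.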
Cloaking — The Art of Showing One Thing and Doing Another
Here is the problem that every malvertising operation has to solve. Ad networks employ security scanners. Researchers operate honeypots. Verification companies monitor billions of impressions per day. So how do you serve a malicious advertisement to real users while showing something harmless to everyone who might catch you?
The answer is cloaking, and the sophistication of modern cloaking technology is, frankly, unsettling.
At its most basic, cloaking means serving different content based on who's requesting it. If the visitor's IP address belongs to a known security company, serve the clean ad. If it belongs to a regular residential internet connection, serve the payload. But basic IP filtering was just the starting point.
Modern operations fingerprint visitors using dozens, sometimes hundreds, of data points. WebGL rendering characteristics. Canvas fingerprinting, which exploits tiny differences in how different hardware draws graphics. Passive TCP/IP fingerprinting that analyses the operating system based on network packet characteristics without sending any data back. TLS fingerprinting using something called JA3 hashing, which identifies the client based on the specific way it negotiates an encrypted connection. Hardware concurrency checks that count the number of CPU threads, because virtual machines used by security researchers often have fewer than real consumer hardware.
One documented technique involved time-based activation. The malicious ads would stage on a network weeks in advance, sitting dormant, behaving perfectly, passing every scan. Then they would activate on weekends and holidays, when human analysts were least likely to be monitoring. One operation specialised in this, timing attacks for maximum exposure and minimum oversight.
By 2025, the cloaking industry had professionalised. Researchers documented platforms selling cloaking-as-a-service, using machine learning with hundreds of data points per visitor to distinguish real users from security scanners. The artificial intelligence running these systems continuously learns, adapting to bypass evolving bot detection. One such platform was found to be using proprietary models trained specifically to identify and evade the scanning infrastructure of major advertising verification companies.
This is not a marginal problem. One of the leading ad security firms documented 14 distinct cloaking techniques in its attack matrix. Fourteen different ways to make the scanner see one thing while the user gets another. And those are just the ones that have been identified.
What the Infections Actually Do
The point of all this engineering is to put something on your machine, and what that something does has shifted dramatically over the years. Three major payload eras define malvertising's history.
The first era belonged to ransomware. From roughly 2014 to 2017, the dominant use of malvertising was delivering programs that encrypted your files and demanded payment. One family of ransomware distributed through malvertised ads on major websites infected over 600,000 computers; the FBI estimated total losses exceeding $18 million by mid-2015. Another strain, sold as a service to criminal affiliates with developers taking up to 40 percent commission, accounted for 90 percent of all ransomware detections by early 2017 according to one security vendor. The delivery mechanism? Exploit kits, served through poisoned ad impressions on sites their victims trusted completely.
The second era saw banking trojans and financial malware. These programs sat quietly on infected machines, waiting for the user to visit a banking website, then intercepted credentials, manipulated transactions, or injected fake form fields to harvest additional information. One banking trojan weighed just 20 kilobytes—smaller than the paragraph you're reading—and used malvertising as one of its primary distribution channels. Another became widespread in October 2016 specifically through targeted malvertising campaigns aimed at corporate accounts.
The third era, and the one we're living in right now, belongs to information stealers. Starting in 2022 and accelerating sharply through 2023, 2024, and into 2025, the primary payload delivered through malvertising shifted to programs that harvest everything. Passwords. Browser cookies. Cryptocurrency wallets. Saved credit card numbers. Session tokens that allow attackers to bypass two-factor authentication entirely. One security firm documented over 800 malvertising-related attacks distributing info-stealers in just the first six months of 2023. Averaging roughly five attacks per day.
The business logic is self-reinforcing and it makes your stomach turn once you see it clearly. Malvertising distributes the info-stealer. The info-stealer harvests credentials. Those credentials are sold in underground markets. Ransomware operators purchase the credentials to gain initial access to corporate networks. Then the ransomware encrypts everything and demands payment. The advertising system didn't just deliver one attack. It seeded the next three.
There was also a strange interlude from 2017 to 2019 when cryptocurrency mining was all the rage. One mining script held 62 percent market share among website miners. At its peak, one security company was blocking over five million connection attempts to this mining service every day. In January 2018, the script was found injected through a major advertising network's ads, affecting users across Japan, France, Taiwan, Italy, and Spain, consuming up to 80 percent of their CPU power while they browsed. Video-sharing platforms served cryptomining ads during this period too. The mining service shut down in March 2019, but the technique remains available to anyone willing to try it.
And then there are the tech support scams. Browser lockers that freeze your screen, display a fake warning message, and provide a phone number to call. Average victims paid approximately $400 for "support" they didn't need from people who weren't technicians. The most sophisticated browser locker ever documented used steganography in PNG images combined with one-time session tokens and anti-bot fingerprinting, and operated on the start pages of major browsers.
The Websites That Got Caught in the Crossfire
This is not a story about obscure, disreputable websites. The list of legitimate publishers that have unknowingly served malvertising to their readers includes the largest names in digital media. In one weekend in March 2016, a single campaign simultaneously compromised advertisements appearing on some of the most-visited news sites, portals, sports networks, real estate platforms, and weather services in the English-speaking world. Sites with a combined two billion monthly visits. Serving ransomware.
One major web portal was struck repeatedly: a 2013 campaign reaching its 6.9 billion monthly visitors, a January 2014 incident infecting an estimated 27,000 visitors per hour through its homepage, a December 2014 attack affecting over 200 million users. A music streaming platform was hit with a drive-by download attack in 2011 that required zero interaction. These aren't edge cases. When you compromise the advertising supply chain, you compromise every site connected to it. And nearly every major site is connected.
The most uncomfortable case involved a major business publication that required visitors to disable their ad blockers before viewing content. Visitors who complied were immediately served malware through the very ad system they had been asked to trust.
Can It Still Be Done?
Yes. But the method has evolved.
The classic drive-by download—silent infection through browser plugin vulnerabilities—is largely dead. Adobe Flash reached end of life in December 2020. Java applets are gone from modern browsers. Silverlight is extinct. The attack surface that powered the exploit kit era has been dramatically reduced. Modern browsers sandbox advertising content, block downloads from cross-origin iframes, and will automatically unload ads that consume excessive system resources. These are meaningful improvements.
But the attackers adapted. The dominant technique in 2023 through 2026 doesn't exploit browser vulnerabilities at all. It exploits human behaviour. Criminals purchase search engine advertisements for popular software—VPN clients, PDF editors, messaging applications, AI tools—and bid high enough to place their sponsored results above the legitimate organic search results. The user searches for software they want, clicks what appears to be the official result, and downloads a trojanised installer from a convincingly cloned website. One security report from early 2024 found that 25 percent of all malware arrived via web browser downloads, with malvertising a key driver.
One firm reported a 42 percent month-over-month increase in malvertising incidents in the fall of 2023. In early 2025, a campaign that used streaming websites with malvertising redirectors embedded in video player frames compromised nearly one million devices globally, deploying info-stealers and remote access tools through legitimate hosting platforms. The attackers used 12 different digital certificates, all of which had to be individually revoked.
AI-themed bait has replaced traditional software impersonation as the dominant lure. Thousands of malicious advertisements promoting fake AI image generators, AI video editors, and AI design tools appeared across major social media platforms and search engines through 2025. One documented campaign achieved 2.3 million reach in the European Union alone. Another distributed a trojanised PDF editor through search engine ads with a programmed 56-day dormancy period. Nearly two months of silence before the malware activated. Enough time for the victim to forget where they downloaded the software in the first place.
And the advertisers themselves are now targets. In early 2025, researchers uncovered what they called the most brazen malvertising operation they had ever tracked—criminals purchasing search engine ads to phish the login credentials of other advertisers. Stealing their accounts. Then using those legitimate, verified accounts to push malicious campaigns that bypass every security check, because the account was real. Had history. Had reputation. Was trusted.
The problem is structural. The advertising ecosystem processes trillions of impressions annually. Google alone removed 5.1 billion policy-violating ads in 2024 and suspended 39.2 million advertiser accounts. Those are real numbers, representing real enforcement. But one in every 90 impressions still posed a security or quality risk according to independent monitoring. In Canada specifically, the rate was one malicious ad in every 75.
What's Being Done About It
Defence operates in layers, and none of them are sufficient alone.
At the ad platform level, enforcement has increased substantially. AI-driven detection now catches 97 percent of publisher policy violations on the largest search advertising platform. Over 50 large language model enhancements were deployed in 2024 specifically targeting ad fraud. Deepfake scam ad reports dropped 90 percent following focused enforcement. The second-largest search advertising platform removed or restricted over one billion ads and suspended 475,000 accounts in the same year.
Specialised verification companies monitor the advertising supply chain directly. One firm analyses over one trillion impressions annually, integrating directly into supply-side and demand-side platforms for real-time blocking. Another uses patented behavioural code analysis for pre-impression blocking, with clients reporting 80 to 90 percent reductions in malicious activity. A third takes a particularly clever approach: it allows the malicious ad auction to complete, so the attacker pays for the impression, but blocks the malicious code from executing. Making the attack unprofitable without tipping off the attacker.
Browser-level defences have improved considerably. Chrome's Enhanced Protection uses an on-device AI model for real-time scam detection. Firefox blocks cryptominers and fingerprinters by default. Safari's tracking prevention system, introduced in 2017 and progressively strengthened, blocks all third-party cookies by default with a maximum cookie lifespan of seven days. But protection is uneven. Data from 2022 showed that users of one major browser experienced a malvertising rate three times worse than users of the market leader.
Industry transparency standards have helped. A protocol called ads.txt, launched in 2017, allows publishers to publicly list companies authorised to sell their advertising inventory. Its counterpart lets buyers cross-reference seller identities. An industry certification programme found that certified channels reduced invalid traffic rates to 1.41 percent—an 88 percent reduction compared to the industry average.
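The ads.txt mechanism described above, as an added example written for this article (not code from the page or from the standard's publisher): a small parser for the file's record lines, comments and variables, plus the authorization check a buyer or verification system can run on a (ad system, seller account) pair before accepting inventory claimed to be a publisher's. The file contents, domains and account IDs are constructed.

```python
import re

# Constructed ads.txt for a hypothetical publisher, example-news.example (not a real file).
SAMPLE_ADS_TXT = """\
# ads.txt for example-news.example
CONTACT=adops@example-news.example
OWNERDOMAIN=example-news.example
ssp-alpha.example, pub-1001, DIRECT, cert-auth-id-0001   # constructed certification authority ID
ssp-beta.example, 77421, RESELLER
SSP-Gamma.example, acct-9, direct
this line is not valid
"""

VALID_RELATIONSHIPS = {"DIRECT", "RESELLER"}
_VARIABLE_LINE = re.compile(r"^[A-Za-z]+\s*=")

def parse_ads_txt(text):
    """Parse ads.txt into (records, variables, bad_lines).

    A record line is: <ad system domain>, <seller account ID>, <DIRECT|RESELLER>[, <cert authority ID>].
    Text after '#' is a comment; NAME=VALUE lines are variables such as CONTACT or OWNERDOMAIN.
    Domains and the relationship keyword are compared case-insensitively; account IDs are not.
    """
    records, variables, bad = [], {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if _VARIABLE_LINE.match(line):
            name, _, value = line.partition("=")
            variables.setdefault(name.strip().upper(), []).append(value.strip())
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) not in (3, 4) or not all(fields[:3]) or fields[2].upper() not in VALID_RELATIONSHIPS:
            bad.append((lineno, raw))  # malformed lines are reported, never silently accepted
            continue
        records.append({
            "domain": fields[0].lower(),
            "seller_id": fields[1],
            "relationship": fields[2].upper(),
            "cert_authority": fields[3] if len(fields) == 4 else None,
        })
    return records, variables, bad

def authorization(records, ad_system_domain, seller_id):
    """Return 'DIRECT', 'RESELLER' or None for an (ad system, seller account) pair seen in a bid request."""
    for rec in records:
        if rec["domain"] == ad_system_domain.lower() and rec["seller_id"] == seller_id:
            return rec["relationship"]
    return None

def check_bid_sources(text, sources):
    """Map each (ad system domain, seller id) pair to its ads.txt authorization for this publisher."""
    records, _, _ = parse_ads_txt(text)
    return {(domain, seller): authorization(records, domain, seller) for domain, seller in sources}
```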
Ad blockers are the most effective individual defence measure. Both the FBI and CISA now explicitly recommend their use. One study found a leading ad blocker reduced page load times by 28.5 percent. But there's a catch. The most popular browser in the world permanently disabled support for the full version of the most effective ad blocker in July 2025, replacing it with a reduced-capability version lacking custom filters and dynamic filtering. Only one major browser still supports the original. Draw your own conclusions about incentive structures.
The Law Has Not Kept Up
No standalone federal law in the United States specifically addresses malvertising. Prosecutions rely on wire fraud statutes carrying up to 20 years and computer fraud laws carrying up to five years. The consumer protection agency has not brought enforcement actions specifically targeting malvertising.
The most significant prosecution to date, brought in August 2024, charged an individual with distributing exploit kits and operating malvertising and ransomware schemes over nearly a decade. The investigation required cooperation between agencies in the United Kingdom, the United States, Spain, Poland, and Singapore. Maximum sentences total 37 years. A separate 2019 indictment involved campaigns that forced victims to view malicious advertisements over 100 million times between 2013 and 2018.
The European Union's Digital Services Act, fully applied since February 2024, represents the strongest regulatory response. It requires large platforms to maintain publicly accessible advertising repositories showing ad content, sponsors, and targeting parameters. The first fine under this law, issued in December 2025 against a social media platform, specifically cited the platform's non-transparent advertising repository as undermining the ability of researchers and regulators to detect malvertising.
The United Kingdom's national cybersecurity centre published its first dedicated malvertising guidance in 2024, noting that while less than one percent of ads globally were classified as security violations, this still amounted to nearly three billion malicious ad views.
Three billion. Less than one percent. Let those numbers sit together for a moment.
Where This Leaves You
Malvertising persists because it exploits a contradiction that nobody has figured out how to resolve. The speed, automation, and scale that make digital advertising economically viable are exactly the properties that make it impossible to screen every impression for threats. You cannot run a millisecond auction and also conduct a thorough security review. The economics forbid it. The physics of computation forbid it. So the system moves fast and patches later, and the attackers live in the gap between the two.
The good news, if you want to call it that, is that the era of silent, no-click infection through browser plugins is mostly over. The bad news is that the replacement—social engineering through search engine ads and fake software downloads—requires no technical vulnerability at all. Just a person, searching for something reasonable, clicking the first result.
What can you do? Run an ad blocker, on a browser that still supports effective ones. Keep your operating system and browser updated. Be suspicious of sponsored search results, even on trusted search engines. Type URLs directly rather than clicking ads. Use a DNS filtering service. And understand, fundamentally, that the advertising system serving those banner ads on your favourite websites was not designed with your safety in mind. It was designed to be fast. It was designed to make money. And the people who figured out how to weaponise it are, right now, still figuring out what comes next.
Some things in this world are not broken because of a flaw in the design. They're broken because the design is working exactly as intended, and someone else found a use for it that nobody anticipated. That's malvertising. The machine is running perfectly. It's just that something got into the gears.