The Web site Comparitech published an excellent backgrounder about malvertising. Unlike ‘adware,’ which is a type of malware unto itself, malvertising is a technique used by pirates (and others) to distribute fraudulent advertising, which in turn could be used to distribute malware or execute other types of attacks.
The article details how attackers can distribute malicious ads through an automated ad aggregator using programmatic targeting techniques, by paying a site to carry their ads, or by creating their own online ad agencies. One cybercriminal created 28 fraudulent ad agencies and distributed an estimated one billion malicious ads.
Why it matters
Pirates have used malvertising for years, and there have been some high-profile cases. One recent example of the theft of programmatic advertising is TeaTV. Another, a cybercriminal operation called Zirconium, created 28 fraudulent ad agencies and distributed an estimated one billion malicious ads in 2017 alone.
In addition, malvertising can be used to force site redirects, to trick users into installing fake software updates, or to hide malicious code in graphic images.