While the problem of ‘malvertising’ (malicious advertising) is not top of mind for businesses and consumers, criminal interest in using ads to conduct malware attacks has grown steadily for years.
The Trustworthy Accountability Group (TAG), an anti-fraud advocacy organization for the advertising industry, defines malvertising as the “exploitation of digital advertising to enable bad actors to spread malware and circumvent systems in a way that harms end users, publishers, and platforms. These cyber-attack activities rely on digital ads that are designed to deploy payloads with explicitly malicious intent or enable systems to be compromised by bad actors.”
Malicious actors may pay digital advertising networks to display the infected ads on various websites, exposing every user visiting these sites to the potential risk of infection, while advertising networks and websites may remain unaware that they are serving such content.
Taxonomy for malvertising
Now that malvertising is a problem at scale, the need for the digital advertising industry to collaborate and build momentum in the fight against malvertising has grown.
In April 2024, TAG released its Malvertising Taxonomy to provide a consistent framework and common language for discussion and reporting of these issues across the digital advertising ecosystem, with the objective of improving identification, analysis and resolution of malvertising events and threat vectors.

There are many different forms of malvertising, categorized by various actions triggered when the ad is served to a user. Bad actors may also incorporate obfuscation or cloaking techniques to evade detection.
Malvertising can occur through (but is not limited to) the injection of unwanted or malicious code into ads. A report by the Digital Citizens Alliance, White Bullet Solutions and Unit 221B, a cybersecurity company, found that malicious ads seek access to steal banking information, download spyware to track a user’s activities, and identify devices for later attacks.
Knowledge is power
TAG runs a comprehensive advertising threat intelligence program, which seeks to gather and analyze threats, such as cybersecurity and malvertising threats, targeted against digital advertising, in order to reduce harm to consumers and the supply chain.
In addition to its Malvertising Taxonomy, TAG publishes a Pirate Domain Exclusion List (PDEL), a list of domains that have been identified as including pirated content. PDEL aggregates member-contributed data to assist companies in identifying potential domains with pirated content.
TAG also runs an anti-malvertising working group and a certification program that provides best practices to advertising industry stakeholders to help them combat malvertising.
Why it matters
The common element is the use of the ad creative (including pixels, code, intended landing pages, and/or other aspects of creative assets), or any other vulnerable points along the advertising supply and/or demand chain, to harm the end user.
TAG research has shown that over 80% of UK and US consumers would reduce their spending by more than half if an advertised product infected their devices with malvertising, and over 57% would stop buying that product entirely.
Further reading
TAG Malvertising Taxonomy. Version 2.0. Released April 2024. Trustworthy Accountability Group (TAG)
TAG Threat Intelligence Landing page. Accessed June 2026. Trustworthy Accountability Group (TAG)









