Malvertising: When the Ad Is the Attack

Legitimate ad networks deliver drive-by exploits through the banners on sites you trust. Learn how malvertising works, why it bypasses antivirus, and how browser isolation neutralizes it.

BROWSER.LOL
15.01.2026

Mark was reading the New York Times over lunch. He didn't click a link, didn't download an attachment, didn't install anything. A week later, his work laptop and four more on his team showed up on a ransomware dashboard on the dark web. The forensic trail led to a single common factor: an ad banner on a news homepage that had been poisoned between 11 and noon.

This is malvertising. An attacker slips malicious code into a legitimate ad network, and anyone whose browser loads the banner gets attacked without clicking a thing. The site you're on is legitimate. The ad network is legitimate. The ad unit is delivering JavaScript that probes your browser and, if a known vulnerability matches, runs code before you finish reading the current sentence.

What malvertising actually is

Ads on the web aren't delivered by the site publisher. They're auctioned in real time through programmatic marketplaces, relayed through dozens of intermediaries, and after one to four redirects the final creative lands inside an iframe on the page you're reading. Every redirect is an opportunity to deliver something different from what the publisher approved.

Malvertising exploits exactly that complexity. An attacker buys ad space like a real customer. They serve clean creatives first, pass the review process, and then rotate to the malicious payload a few days later. Or they compromise the account of a legitimate ad buyer and push code through existing campaigns.

The result is the same. A reputable website shows you a banner capable of attacking you. The site did nothing wrong. You did nothing wrong. The attack happens inside a frame that neither you nor the site controls.
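The redirect chain described above can be rebuilt from web proxy logs and checked against what the publisher actually reviewed. The following is an added example, not code from the original article; the record layout, the `.test` hostnames and the allowlist are constructed assumptions, and the records are assumed to be pre-filtered to requests issued from ad slots.

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 4  # upper end of the article's "one to four redirects"
APPROVED_HOSTS = {"ads.network.test", "cdn.network.test"}  # hypothetical reviewed hosts

# Constructed proxy records (ad-slot traffic only): (client, URL, status, Location header)
SAMPLE_LOG = [
    ("10.0.0.5", "https://ads.network.test/slot/7", 302, "https://cdn.network.test/c/42.html"),
    ("10.0.0.5", "https://cdn.network.test/c/42.html", 200, None),
    ("10.0.0.9", "https://ads.network.test/slot/7", 302, "https://bid.relay-a.test/r?id=1"),
    ("10.0.0.9", "https://bid.relay-a.test/r?id=1", 302, "https://track.relay-b.test/c"),
    ("10.0.0.9", "https://track.relay-b.test/c", 200, None),
]

def build_chains(records):
    """Rebuild each client's redirect chains by following 3xx Location headers."""
    nxt = {(c, u): loc for c, u, s, loc in records if 300 <= s < 400 and loc}
    targets = {(c, loc) for (c, _), loc in nxt.items()}
    chains = []
    for c, u, _, _ in records:
        if (c, u) in targets:          # mid-chain hop, not a starting point
            continue
        chain, seen = [u], {u}
        while (c, chain[-1]) in nxt:
            hop = nxt[(c, chain[-1])]
            if hop in seen:            # redirect loop: stop rather than spin
                break
            chain.append(hop)
            seen.add(hop)
        chains.append((c, chain))
    return chains

def review_chain(chain):
    """Return the reasons a chain deserves analyst attention (empty list = none)."""
    reasons = []
    redirects = len(chain) - 1
    if redirects > MAX_REDIRECTS:
        reasons.append(f"{redirects} redirects exceeds {MAX_REDIRECTS}")
    final_host = urlsplit(chain[-1]).hostname
    if final_host not in APPROVED_HOSTS:
        reasons.append(f"creative served from unreviewed host {final_host}")
    return reasons

def flagged(records):
    """Map (client, final URL) to reasons for every chain that was flagged."""
    reviewed = {(c, ch[-1]): review_chain(ch) for c, ch in build_chains(records)}
    return {key: why for key, why in reviewed.items() if why}
```

Two clients requesting the same ad slot end up on different final hosts in the sample data, which is the kind of divergence this check surfaces for review.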

How a malicious ad takes over your browser

[Figure: A browser loading a page that contains an iframe, with a small chain of redirect arrows leading to an exploit kit icon]

The attack runs in four phases, and all four happen before the banner is even visible.

Probe. The script inside the ad iframe reads your user agent, browser version, plugins, timezone, and a handful of device characteristics. Within 50 milliseconds it knows whether you're a worthwhile target. Corporate laptops on outdated browsers are preferred; personal Android devices are skipped; known security researcher environments are filtered out.

Match. The script compares your signature to a catalog of exploits. Exploit kits like RIG, Fallout, and the newer Magnitude successors keep a library of known, frequently unpatched vulnerabilities ready to go.

Deliver. If an exploit matches, the iframe loads a second-stage payload. It might be a crafted PDF reader call, a WebGL shader, or a JIT bug in the JavaScript engine, whatever breaks out of the browser on your specific build.

Execute. Foreign code now runs with your permissions. It installs an infostealer, a cryptominer, or the initial access used by a ransomware gang. The banner renders normally the whole time so nothing looks off to you.

Incidents on sites you know

Malvertising is not a theoretical risk. The New York Times, BBC, MSN, AOL, and the Yahoo homepage have all been turned into malware distribution points through ad networks, usually without knowing it until a security researcher made the campaign public.

Forbes spent a few years blocking readers using ad blockers and asking them to disable them. After many readers complied, the magazine became a malware distribution point through its own ad inventory, twice, within a few weeks. The problem isn't the publisher. The problem is the ad supply chain.

1 in 100: ad impressions may deliver malicious code

72 hours: average campaign lifetime before detection

+42%: rise in reported malvertising incidents 2024-2025

Why antivirus and ad blockers don't catch it

[Figure: A browser with a shield icon in front of it, the shield marked with a diagonal line indicating partial protection]

Traditional antivirus matches files against signatures of known malware. Malvertising delivers code that has never touched a disk. The payload runs straight from memory, often from a WebAssembly blob, and cleans up after itself. There's nothing an AV scanner can see in the classic sense. See Why Antivirus Fails for the longer version.

Ad blockers help but aren't a cure. They block known ad servers. Attackers buying campaigns through legitimate networks are, by definition, not on block lists. Plus, many sites now ship ads from their own infrastructure, which blockers can't touch without breaking the site.

Browsers get patched every month, but weeks pass between disclosure and wide rollout. In that gap, exploit kits update. If your browser was patched yesterday but attackers have known about the exploit for four weeks, they were four weeks ahead.

Browsing without being a target

[Figure: A browser window inside a dashed bubble, a second dashed arrow coming from outside the bubble stopping at its edge]

The only reliable defense against malvertising is to decouple the browser from the machine holding your data. If your browser runs inside an isolated environment, the exploit still fires but it hits a disposable VM that disappears when your session ends. The payload doesn't land on your machine; it lands in a container the platform rebuilds before the next user gets it.

For sensitive browsing, make this split your default: research on unfamiliar sites, reading the news during active campaign windows, opening a link from a newsletter, any moment where an isolated browser contains the blast radius before anything happens. Your everyday browser stays reserved for trusted sites where you're already signed in.
