ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

20+ Malvertising Facts and Statistics for 2024 – Protect Yourself From Malvertising Attempts

Malware attacks are on the rise and along with them, their subcategory – malvertising. Chances are, you've probably already come across a piece of malware on a random shopping website, without even realizing it, and dodged a disaster by a hairbreadth. Or, even worse, you've experienced the full blow of such an incident, losing your precious time, patience, and/or money.

 

To help you avoid incidents like this in the future, and prevent even worse scenarios, we bring you the latest and most relevant malvertising facts and statistics for 2024. We also explain in more detail how malvertising works and how to ward off such malicious attempts. 

Malvertising facts and statistics

In this section, we summarized some of the key malvertising facts and statistics for the last few years. It's a great way to exemplify how these scams operate and showcase the latest cybersecurity trends.

1. $500 billion a month is lost on malvertising and other cybercrime

According to Cybersecurity Ventures, the total cost of cybercrime (including malvertising attacks) worldwide went from $3 trillion per year in 2015 to over $6 trillion in 2021. In other words, the loss figures have doubled over a five-year span. This also means that $500 billion is lost on malvertising and other cybercrime each month.

Cybercrima damage costs in 2021

2. Malvertising and other damage caused by malware could reach $10.5 trillion by 2025

Safety Detectives came up with similar findings as Cybersecurity Ventures. They estimate the total damage of malvertising and other malware-related frauds to reach $10.5 trillion by the end of 2025.

Global cost of malware chart

3. Malvertising attacks have increased by over 70% during the COVID-19 pandemic peaks

The Q3 2020 Smart Report by Clean.io showed that malvertising attacks worldwide have peaked alongside the pandemic. Although malvertising attacks dropped shortly in the Q2 of 2020, they have skyrocketed in Q3 – with an average 72% increase since the beginning of the pandemic.

Malvertising attacks during the pandemic chart

4. Facebook browser is the biggest source of malvertising

Facebook's embedded browser is not only still the biggest source of puzzlement for many boomers but, according to the above report, is also the biggest source of malvertising threats.

In 2020 it was the most attacked browser, accounting for 52.4% of all attacks by volume, despite taking only 6% of total views on that platform. The Clean.io report also showed that dangers on Facebook were 6 to 8 times higher compared to the other (mainstream) browsers, including Chrome, Safari, Firefox, and their mobile counterparts.

Facebook browser as the biggest source of malvertising pie chart

5. Folks in the US, Canada, and Europe are the most exposed

The US, Canada, and Europe remain the primary targets of malvertising. The top five attacked countries in the Q3 of 2020 were the United Kingdom, the United States, Switzerland, Ireland, and Canada. Around the same time, countries like Malaysia and Argentina made their way to the top 15 threatened countries, with a 2000% and 1678% quarter-over-quarter increase in malvertising threats, respectively.

Malvertising threats by regions, a map

6. Malvertising costs are among the most difficult to predict

Research by eMarketer points out that, although ‌estimated at billions, malvertising costs are among the most difficult to calculate and predict precisely. The volatility of the grey economy and the speedy pace at which malvertising is developing make this task almost impossible. And so, the estimated loss in the next few years spans from $6.5 billion to a whopping $19 billion a year.

7. Financial gain motivates the great majority of cybercriminals

This one doesn't come as a surprise. Like other cybercriminals, most malvertisers are motivated by the possibility of cash extortion from victims. In fact, according to, as much as 76% of all cyber crimes are motivated by financial gain.

Financial gain motivates most cybercriminals

8. Shopping apps are the #1 hazard in iOS

According to Mobile Ad Fraud Report by Interceptd, almost one-third (32.9%) of all shopping apps available for iOS involve some kind of fraudulent activity. This makes shopping apps the most dangerous app category on the iOS App Store. Finance apps are the second most hazardous channel for getting infected by malware, and social networking apps are third.

With Android apps, shopping apps are the second hardest hit category, and finance apps are the lead hazard. Shown as percentages, that's 35.2% of all finance apps and 32.8% of shopping apps caught with malware on Google Play.

iOS shopping apps contain malware one-third of times

9. Overall, Android users are more exposed to malvertising than iOS users

In the same report, Interceptd revealed that 26.9% of all app installs on Google Play are fraudulent. The percentage of malicious apps in the App Store is somewhat less, 21.3% to be precise. In other words, iOS users are in a slightly better position for downloading shopping (and other) apps safely.

10. Piracy websites thrive on malvertising

A Breaking (B)ads report by Digital Citizens Alliance shed light on another important finding – piracy sites make a lot of money thanks to malvertising. The report deals with advertiser-supported piracy in general, but also reveals a lot of specific data. For example, it estimates the annual revenue of pirating websites reaped through malvertising to be $1.34 billion.

11. 11% of ads on piracy apps are fraudulent or contain malware

The above report also shows that, of all ads on piracy apps, nearly 11% contain malware or involve other types of fraudulent activities. With piracy websites that percentage is ‌less, approximately 8%.

Ad type breakdown on piracy apps

12. 'Clickjacking' is the most common type of malvertising on mobile devices

Clean.io’s Q3 2020 Smart Report singles out 'clickjacking' as the most prevalent malvertising attack type on mobile devices. Clickjacking is a cyber attacking technique that replaces a legitimate webpage element with a malicious one to trick users into clicking on it. It's relatively easy to create, and, since mobile device users‌ tap a lot on their screens, the success of this deceitful technique is almost certain.

The second most prevalent attack type on mobile devices was 'other redirects', which, as their name suggests, redirects you to other (malicious) sites.

13. On desktops, 'other redirects' is the highest reported type of malvertising

According to the same report, the most frequent attack type on desktop devices was 'other redirects'. 'Client-side injections', which usually get executed through wicked browser extensions, were the next most significant danger, and 'clickjacking' came in third.

Attack type on desktop vs. mobile web pie chart

14. Malvertising attacks spiked during holidays

The data that Clean.io collected showed quite uneven instances of malvertising attacks throughout 2020. However, big national holidays, such as Labor Day and the 4th of July, saw very apparent spikes in the attacks.

People are more relaxed and shop more during holidays, and threat actors see a great opportunity in such circumstances. It's important to remember that criminals won't take holidays around the same time as you would. Quite the opposite, it's when they are the most active.

15. Employees still (unintentionally) facilitate most cyber attacks

More than half (52%) of executives believe their employees are the largest threat to their company's operational security, whether accidentally or intentionally, according to a Newsweek Vantage independent report. The report surveyed businesses all over the world and came to many other useful cyber security findings.

Errant insiders by type, pie chart

16. One in every 100 ads contains malicious code

With malvertising continuously rising and evolving, findings that 1 in every 100 ads comes with malicious content are not surprising. Confiant went one step further, suggesting that we are likely to get in contact with malvertising on nearly every fifth website – as the average user sees four to five ads per internet site.

17. Ads are becoming more dangerous and more disruptive

Based on a sample of billions of advertising impressions on tens of thousands of sites and apps, monitored throughout a year, Confiant releases a valuable ad quality/security report each quarter.

The latest Q4 2021 report shows that 1 in every 125 advertising impressions was dangerous or disruptive to users. For comparison's sake, in Q4 2020, 1 in every 260 impressions was dangerous or disruptive, and in Q4 2019, 1 in every 150.

Advertisment trends chart

18. Most malvertising attacks happen on Friday

For some time weekends were the most dangerous part of a week malware-wise. Researchers believed that most cyber attacks happened on Saturday and Sunday due to websites being understaffed, while usually there were more visitors and trespassers on these days.

However, Confiant's malvertising and ad quality report for Q4 2021 shows quite a steady distribution of malware attacks throughout the week, with slightly higher violation rates on Fridays.

Malvertising attacks by days in a week, statistics

19. The most popular malvertising exploit is the Angler Exploit Kit

Center for Internet Security (CIS) ranks the Angler Exploit Kit as the most used exploit kit for malvertising. This kit exploits Angler vulnerabilities in Adobe Flash, Microsoft Silverlight, and Oracle Java, which are popular extensions running on many popular web browsers. 

Angler is perfect for malvertisers thanks to its different state-of-the-art evasion techniques, including dynamic (changing) URL, various encoding schemes (base64, RC4, etc.), and multiple layers of obfuscation (cloaking). All of these make it almost undetectable by most malware scanners that are looking for infections. 

20. Gambling and cryptocurrency-related ads are the most blocked ads across the web

According to Confiant, Gambling remained the most blocked advertisement category for the third consecutive quarter in 2021. Cryptocurrency advertising climbed to 2nd place in Q4 2021, probably as a consequence of web3 projects. Pharmaceutical Drugs were the third most blocked advertisements category. 

The most blocked advertisement categories, pie chart

21. 1 in 3 US adult citizens are targeted by gift card scams

In 2018, approximately 300 million iPhone browser sessions got compromised by a gift card scam – certainly not the first thing that would cross your mind on the mention of malvertising.

As malvertising attacks are getting more common and more sophisticated, the AARP made a detailed survey of US consumers. As it turns out, out of the 2,179 people surveyed in January and February 2024, over 30% encountered fake requests for payment by gift card, and 23% experienced receiving/being offered gift cards with no funds on them.

22. 94% of malware gets delivered via email

According to Verizon's 2019 Data Breach Investigations Report, email remains the most common point of entry for different kinds of malware attacks, including phishing, pretexting, bribery, and extortion. What's more, surveyed companies said they received over 90% of detected malware via email.

How does malvertising work?

Although a relatively new form of malware distribution, malvertising expanded throughout the internet and reached its record number in the last few years. The COVID-19 pandemic certainly helped to boost these negative scores, with shopping habits fundamentally changing and the highest ever number of purchases happening online.

While malvertising can take many forms, one thing they all have in common is the distribution of malware through online advertisements. Threat actors or "malvertisers" nowadays employ different strategies to achieve this, but with the same goal of a victim downloading malware or getting redirected to a malicious server. Therefore, it can be very difficult to tell which ads online are genuine and which ones are hiding malware.

Not to mention, malvertisers use various tricks to submit their malware-infected ads to different marketing third-parties and ad vendors, of which many are reputable – which serves them as a great cover-up.

Although most online vendors are well-familiar with malvertising and invest a great deal of effort to avert such offers, this is not always easy, especially with malvertisers becoming more creative and more sly. And so, they often fail to distinguish between scams and earnest offers. That's why it’s super important to only work with (and shop from) trusted vendors and websites, but even then, ‌stay on alert for potential threats and irregularities.

Types of malvertising

New types of malvertising are emerging every day, and so it would be nearly impossible (and very time-consuming) to list them all. But, here are the most common and frequent subcategories of malware distributed through ads:

  • Spyware – is the type of malware distributed through ads (or similar methods) that, once installed, spies on your device to log your activities and steal your data. Spyware usually records your keystrokes and your webcam and microphone activity in order to fetch your passwords and other useful/profitable information.
  • Adware – is often mixed up with malvertising, which is a more general term. However, adware is a specific threat that installs malicious software onto your device. The malware then generates money for cybercriminals each time you click on it (intentionally or accidentally).
  • Ransomware – is one of the fastest growing and most profitable online threats. It consists of compromising a device and locking down any useful files and folders that can be used for blackmailing and money extortion later on.
  • Scareware – as the name suggests, comes with scary warning messages urging you to take immediate action, otherwise, something bad will happen to you or your device. But the truth is the opposite. You should never fall for messages like 'Call now' or 'Download Immediately' because once you do that, problems will start.
  • Malvertising trojans – disguise themselves as benevolent ads and then hijack your system by tampering with your files, snatching data, and downloading more malware. The ‌goal is to take full control of your device.
  • Cryptojacking – a malware that also looks like a regular ad when it first appears, but then installs crypto mining software on your computer, which is used by hackers to mine cryptocurrency.

How malvertising is distributed

Cybercriminals use different alluring methods to present their malicious adverts and get you to interact with them. Some of them are‌:

  • Banner ads – malicious code is hiding behind a generous offer, for example, a big discount, giveaway scheme, and similar malvertising that's hard to say no to.
  • Pop-ups – if you see random windows popping up in places where you wouldn't expect them and with unrelated or poorly composed content, don't click on them. Almost 100% of these random pop-ups are fake and infected by malware.
  • Fake antivirus ads – basically work as scareware. By pretending to be an antivirus program and besieging the user with pop-ups and non-existent virus warnings, this type of malvertising convinces them to buy fake AV software. The fictional threat becomes real only once they download the fake antivirus software.
  • Fake video players – promote attractive or popular videos/movies that you've been looking for somewhere else on the internet. However, once you click on it, your system gets infected with malware. Remember, finding quality content online usually is not that easy, and the chances of it finding you are even smaller.
  • Chain text messages – usually circulate on WhatsApp, Messenger, Telegram, and similar apps. They contain a convincing forward request and often include a malicious link. Once you do what you've been asked for and send it to your friends, the hacking opportunities for cyber criminals multiply.

How to protect yourself from malvertising attacks?

Unfortunately, there's no single solution or quick fix to protect you from all the malvertising attacks that ever existed or will come into existence. Likewise, installing single anti-malware protection won't suffice because malvertising comes in layers and includes a wide network of criminals and systems. Instead, we have to take a set of safety precautions and exercise smart online decisions daily. These include:

 

 

 

 

 

Written by: Danka Delić

With her BA in English Language and Literature, Private Pilot Licence, and passion for researching and writing, Danka brings further diversity to the team. As a former world traveler, she learned to appreciate cyber security and the necessity for digital privacy. Danka is a nature, animal, and written-word lover. She enjoys staying on the go, both mentally and physically, and spends most of her free time either reading or hiking with her dog.

2 Comments

John
on August 26, 2022
Great writing and great work danka will someone please give her some credit for writing all these articles, it takes time and you deserve credit for what you do.
Danka Delić replied to John
on October 5, 2022
Thanks John! I am really glad you liked the article.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service