Malware attacks are on the rise and along with them, their subcategory – malvertising. Chances are, you've probably already come across a piece of malware on a random shopping website, without even realizing it, and dodged a disaster by a hairbreadth. Or, even worse, you've experienced the full blow of such an incident, losing your precious time, patience, and/or money.
To help you avoid incidents like this in the future, and prevent even worse scenarios, we bring you the latest and most relevant malvertising facts and statistics for 2022. We also explain in more detail how malvertising works and how to ward off such malicious attempts.
Malvertising facts and statistics
In this section, we summarized some of the key malvertising facts and statistics for the last few years. It's a great way to exemplify how these scams operate and showcase the latest cybersecurity trends.
1. $500 billion a month is lost on malvertising and other cybercrime
According to Cybersecurity Ventures, the total cost of cybercrime (including malvertising attacks) worldwide went from $3 trillion per year in 2015 to over $6 trillion in 2021. In other words, the loss figures have doubled over a five-year span. This also means that $500 billion is lost on malvertising and other cybercrime each month.
2. Malvertising and other damage caused by malware could reach $10.5 trillion by 2025
Safety Detectives came up with similar findings as Cybersecurity Ventures. They estimate the total damage of malvertising and other malware-related frauds to reach $10.5 trillion by the end of 2025.
3. Malvertising attacks have increased by over 70% during the COVID-19 pandemic peaks
The Q3 2020 Smart Report by Clean.io showed that malvertising attacks worldwide have peaked alongside the pandemic. Although malvertising attacks dropped shortly in the Q2 of 2020, they have skyrocketed in Q3 – with an average 72% increase since the beginning of the pandemic.
4. Facebook browser is the biggest source of malvertising
Facebook's embedded browser is not only still the biggest source of puzzlement for many boomers but, according to the above report, is also the biggest source of malvertising threats.
In 2020 it was the most attacked browser, accounting for 52.4% of all attacks by volume, despite taking only 6% of total views on that platform. The Clean.io report also showed that dangers on Facebook were 6 to 8 times higher compared to the other (mainstream) browsers, including Chrome, Safari, Firefox, and their mobile counterparts.
5. Folks in the US, Canada, and Europe are the most exposed
The US, Canada, and Europe remain the primary targets of malvertising. The top five attacked countries in the Q3 of 2020 were the United Kingdom, the United States, Switzerland, Ireland, and Canada. Around the same time, countries like Malaysia and Argentina made their way to the top 15 threatened countries, with a 2000% and 1678% quarter-over-quarter increase in malvertising threats, respectively.
6. Malvertising costs are among the most difficult to predict
Research by eMarketer points out that, although estimated at billions, malvertising costs are among the most difficult to calculate and predict precisely. The volatility of the grey economy and the speedy pace at which malvertising is developing make this task almost impossible. And so, the estimated loss in the next few years spans from $6.5 billion to a whopping $19 billion a year.
7. Financial gain motivates the great majority of cybercriminals
This one doesn't come as a surprise. Like other cybercriminals, most malvertisers are motivated by the possibility of cash extortion from victims. In fact, according to, as much as 76% of all cyber crimes are motivated by financial gain.
8. Shopping apps are the #1 hazard in iOS
According to Mobile Ad Fraud Report by Interceptd, almost one-third (32.9%) of all shopping apps available for iOS involve some kind of fraudulent activity. This makes shopping apps the most dangerous app category on the iOS App Store. Finance apps are the second most hazardous channel for getting infected by malware, and social networking apps are third.
With Android apps, shopping apps are the second hardest hit category, and finance apps are the lead hazard. Shown as percentages, that's 35.2% of all finance apps and 32.8% of shopping apps caught with malware on Google Play.
9. Overall, Android users are more exposed to malvertising than iOS users
In the same report, Interceptd revealed that 26.9% of all app installs on Google Play are fraudulent. The percentage of malicious apps in the App Store is somewhat less, 21.3% to be precise. In other words, iOS users are in a slightly better position for downloading shopping (and other) apps safely.
10. Piracy websites thrive on malvertising
A Breaking (B)ads report by Digital Citizens Alliance shed light on another important finding – piracy sites make a lot of money thanks to malvertising. The report deals with advertiser-supported piracy in general, but also reveals a lot of specific data. For example, it estimates the annual revenue of pirating websites reaped through malvertising to be $1.34 billion.
11. 11% of ads on piracy apps are fraudulent or contain malware
The above report also shows that, of all ads on piracy apps, nearly 11% contain malware or involve other types of fraudulent activities. With piracy websites that percentage is less, approximately 8%.
12. 'Clickjacking' is the most common type of malvertising on mobile devices
Clean.io’s Q3 2020 Smart Report singles out 'clickjacking' as the most prevalent malvertising attack type on mobile devices. Clickjacking is a cyber attacking technique that replaces a legitimate webpage element with a malicious one to trick users into clicking on it. It's relatively easy to create, and, since mobile device users tap a lot on their screens, the success of this deceitful technique is almost certain.
The second most prevalent attack type on mobile devices was 'other redirects', which, as their name suggests, redirects you to other (malicious) sites.
13. On desktops, 'other redirects' is the highest reported type of malvertising
According to the same report, the most frequent attack type on desktop devices was 'other redirects'. 'Client-side injections', which usually get executed through wicked browser extensions, were the next most significant danger, and 'clickjacking' came in third.
14. Malvertising attacks spiked during holidays
The data that Clean.io collected showed quite uneven instances of malvertising attacks throughout 2020. However, big national holidays, such as Labor Day and the 4th of July, saw very apparent spikes in the attacks.
People are more relaxed and shop more during holidays, and threat actors see a great opportunity in such circumstances. It's important to remember that criminals won't take holidays around the same time as you would. Quite the opposite, it's when they are the most active.
15. Employees still (unintentionally) facilitate most cyber attacks
More than half (52%) of executives believe their employees are the largest threat to their company's operational security, whether accidentally or intentionally, according to a Newsweek Vantage independent report. The report surveyed businesses all over the world and came to many other useful cyber security findings.
16. One in every 100 ads contains malicious code
With malvertising continuously rising and evolving, findings that 1 in every 100 ads comes with malicious content are not surprising. Confiant went one step further, suggesting that we are likely to get in contact with malvertising on nearly every fifth website – as the average user sees four to five ads per internet site.
17. Ads are becoming more dangerous and more disruptive
Based on a sample of billions of advertising impressions on tens of thousands of sites and apps, monitored throughout a year, Confiant releases a valuable ad quality/security report each quarter.
The latest Q4 2021 report shows that 1 in every 125 advertising impressions was dangerous or disruptive to users. For comparison's sake, in Q4 2020, 1 in every 260 impressions was dangerous or disruptive, and in Q4 2019, 1 in every 150.
18. Most malvertising attacks happen on Friday
For some time weekends were the most dangerous part of a week malware-wise. Researchers believed that most cyber attacks happened on Saturday and Sunday due to websites being understaffed, while usually there were more visitors and trespassers on these days.
However, Confiant's malvertising and ad quality report for Q4 2021 shows quite a steady distribution of malware attacks throughout the week, with slightly higher violation rates on Fridays.
19. The most popular malvertising exploit is the Angler Exploit Kit
Center for Internet Security (CIS) ranks the Angler Exploit Kit as the most used exploit kit for malvertising. This kit exploits Angler vulnerabilities in Adobe Flash, Microsoft Silverlight, and Oracle Java, which are popular extensions running on many popular web browsers.
Angler is perfect for malvertisers thanks to its different state-of-the-art evasion techniques, including dynamic (changing) URL, various encoding schemes (base64, RC4, etc.), and multiple layers of obfuscation (cloaking). All of these make it almost undetectable by most malware scanners that are looking for infections.
20. Gambling and cryptocurrency-related ads are the most blocked ads across the web
According to Confiant, Gambling remained the most blocked advertisement category for the third consecutive quarter in 2021. Cryptocurrency advertising climbed to 2nd place in Q4 2021, probably as a consequence of web3 projects. Pharmaceutical Drugs were the third most blocked advertisements category.
21. 1 in 3 US adult citizens are targeted by gift card scams
In 2018, approximately 300 million iPhone browser sessions got compromised by a gift card scam – certainly not the first thing that would cross your mind on the mention of malvertising.
As malvertising attacks are getting more common and more sophisticated, the AARP made a detailed survey of US consumers. As it turns out, out of the 2,179 people surveyed in January and February 2022, over 30% encountered fake requests for payment by gift card, and 23% experienced receiving/being offered gift cards with no funds on them.
22. 94% of malware gets delivered via email
According to Verizon's 2019 Data Breach Investigations Report, email remains the most common point of entry for different kinds of malware attacks, including phishing, pretexting, bribery, and extortion. What's more, surveyed companies said they received over 90% of detected malware via email.
How does malvertising work?
Although a relatively new form of malware distribution, malvertising expanded throughout the internet and reached its record number in the last few years. The COVID-19 pandemic certainly helped to boost these negative scores, with shopping habits fundamentally changing and the highest ever number of purchases happening online.
While malvertising can take many forms, one thing they all have in common is the distribution of malware through online advertisements. Threat actors or "malvertisers" nowadays employ different strategies to achieve this, but with the same goal of a victim downloading malware or getting redirected to a malicious server. Therefore, it can be very difficult to tell which ads online are genuine and which ones are hiding malware.
Not to mention, malvertisers use various tricks to submit their malware-infected ads to different marketing third-parties and ad vendors, of which many are reputable – which serves them as a great cover-up.
Although most online vendors are well-familiar with malvertising and invest a great deal of effort to avert such offers, this is not always easy, especially with malvertisers becoming more creative and more sly. And so, they often fail to distinguish between scams and earnest offers. That's why it’s super important to only work with (and shop from) trusted vendors and websites, but even then, stay on alert for potential threats and irregularities.
Types of malvertising
New types of malvertising are emerging every day, and so it would be nearly impossible (and very time-consuming) to list them all. But, here are the most common and frequent subcategories of malware distributed through ads:
How malvertising is distributed
Cybercriminals use different alluring methods to present their malicious adverts and get you to interact with them. Some of them are:
- Banner ads – malicious code is hiding behind a generous offer, for example, a big discount, giveaway scheme, and similar malvertising that's hard to say no to.
- Pop-ups – if you see random windows popping up in places where you wouldn't expect them and with unrelated or poorly composed content, don't click on them. Almost 100% of these random pop-ups are fake and infected by malware.
- Fake antivirus ads – basically work as scareware. By pretending to be an antivirus program and besieging the user with pop-ups and non-existent virus warnings, this type of malvertising convinces them to buy fake AV software. The fictional threat becomes real only once they download the fake antivirus software.
- Fake video players – promote attractive or popular videos/movies that you've been looking for somewhere else on the internet. However, once you click on it, your system gets infected with malware. Remember, finding quality content online usually is not that easy, and the chances of it finding you are even smaller.
- Chain text messages – usually circulate on WhatsApp, Messenger, Telegram, and similar apps. They contain a convincing forward request and often include a malicious link. Once you do what you've been asked for and send it to your friends, the hacking opportunities for cyber criminals multiply.
How to protect yourself from malvertising attacks?
Unfortunately, there's no single solution or quick fix to protect you from all the malvertising attacks that ever existed or will come into existence. Likewise, installing single anti-malware protection won't suffice because malvertising comes in layers and includes a wide network of criminals and systems. Instead, we have to take a set of safety precautions and exercise smart online decisions daily. These include:
- Stay up-to-date with both your software and the latest news from the world of malvertising. Updating all your apps and software will patch most of the vulnerabilities and reduce your chances of getting infected by some nasty malware. On top of that, by following tech news and getting regularly informed about the latest threats and campaigns, you can place yourself one step ahead of all dangers.
- Choose a good antivirus/anti-malware solution for your computer/mobile device. These solutions may not protect you against every single type of malware, but they are a great first line of defense, and they work with many known and widespread malware you're at risk of catching.
- Always scan online content for fake ads and then avoid them. A lot of information from this article can help you recognize harmful or fake advertisements.
- Use an ad-blocker. Same as antivirus, it's not an all-in-one solution, but it will block most advertisements from displaying on websites, and, therefore, reduce your chance of viewing or clicking on an ad that could carry a harmful code in it.
- Do your own research. You'll often find yourself in a situation where you'll feel tempted to click on an ad as it is, because, well, it's the easiest way. However, from the security aspect, it's always worth spending a minute or two longer on visiting the company’s official website and current offers before clicking on the ad that caught your interest. If there are no such offers, or the website itself is inexistent, you'll know what (not) to do. Researching sales and offers is much safer and it will save you a lot of time and resources in the long run.
- Ignore clickbait even if they seem very convincing and appear to come from a trustworthy source. Simply put, if you avoid clicking on random advertisements, you'll escape malvertisments as well.