How to Protect Yourself from Malvertising in 2025 (Before It Costs You Everything)

Shireen Stephenson • PublishedSeptember 25, 2025

Subscribe & Save 20% off Premium or Families plans

Enter your email

By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.

Browse articles

Key Takeaways: Malvertising

Malvertising preys on four (4) primal emotions

AI is making malvertising smarter, deadlier, and harder to ignore in 2025

Security organizations and law enforcement agencies worldwide are joining the fight against malvertising

The right tools matter. Protecting yourself from malvertising involves vital options like ad security tools, industry-recommended ad security blockers, a Zero Trust mindset, and more.

The best password managers like LastPass are offering phishing-resistant options to help you stay ahead of malvertising

Imagine clicking on what looks like a cutting-edge video generator, only to download malware that steals all your passwords. This is malvertising or malicious advertising, the practice of embedding malware within ads.

You may think you’d never fall for it. But what if a click isn’t needed to get infected? Experts are telling us that malvertising has leveled up, and attackers are using AI to ensnare even more victims. Today, we uncover what modern-day malvertising is, answer the questions everyone’s asking, and talk about how LastPass can help you fight back.

What was the first malvertising?

Malvertising first reared its ugly head in 2007, when it appeared on platforms like Excite, Rhapsody, and MySpace.

On MySpace, attackers hijacked the profile of Grammy award-winning singer Alicia Keys to trick fans into buying fake antivirus software. Users who clicked anywhere on the page (and especially on Keys’ bare midriff) were redirected to a phishing site that encouraged them to make the purchase.

Starstruck fans who then entered their credit card details found their devices infected with both a rootkit and keylogger that captured every username and password they typed in.

Emboldened by this success, another group of scammers hijacked a New York Times ad to distribute malware in 2009. The scammers posed as legitimate advertisers by running Vonage ads before abruptly swapping for scareware pop-up ads.

Those ads ambushed readers with ominous warnings about non-existent viruses and pushed antivirus solutions. Those who panicked and downloaded the free “security tool” found their devices infected with credential-stealing malware.

These early campaigns demonstrated the cunning use of ads as malware delivery systems.

Fast forward to today, and threats like the recent spoofing of the Kling AI platform show how malvertising is evolving rapidly. This 2025 campaign used Facebook ads to push a fake AI-powered video and image generator.

Such sophisticated techniques are becoming the norm but one thing’s clear: They echo malvertising’s history of exploiting our trust in high-profile platforms.

Next, we’re going to talk about how malvertising works and the four (4) emotions it counts on to get you to drop your guard.

What is malvertising and how does it work?

You’re scrolling on Facebook when you see an ad for a dazzling new AI tool.

It promises to turn your selfies into cinematic masterpieces and your videos into Spielberg-worthy productions. Do you click?

Before you reach for your mouse, consider how malvertising works. It preys on your most primal instincts:

fear (“Your computer’s at risk”)

anger (“Act now! Scammers are stealing what’s rightfully yours.”)

curiosity (“See what everyone’s talking about”)

greed (“Grab your exclusive free offer”)

Ultimately, malvertising is a carefully engineered assault, designed to make you act before you think.

It’s social engineering at its finest. What seems like an instinct-driven click quickly escalates into real legal, financial, and reputational harm, as seen in these malvertising attacks.

Malvertising example #1: The Kling AI con job

Kling AI is a popular AI video and image generation platform, which has attracted six (6) million users since mid-2024.

In early 2025, attackers used Facebook ads to spread a fake promotion. The ad offered AI-generated media but tricked users into downloading a malicious Windows executable.

Here's how it worked:

First, the attackers ran hundreds of fake sponsored posts on Facebook, using ad cloaking to trick Facebook moderators.

Unsuspecting users who clicked were redirected to a fake Kling AI site.

On the counterfeit site, they were asked to upload a text prompt or image to generate AI media content.

Instead of the actual content, users got a ZIP file containing an executable disguised as a JPG or MP4 file.

This media file used Hangul filler characters to hide its true nature.

Once opened, the executable triggered a .NET-based loader built with Native AOT (Ahead-Of-Time), which evades traditional security tools.

The loader then injected a powerful Remote Access Trojan (RAT) called PureHVNC into trusted system processes.

Finally, the RAT gave attackers full control over the victim’s PC, enabling spying, identity theft, and data exfiltration. It specifically targeted crypto wallets and browser-stored credentials.

The Kling AI scam has spread worldwide, hitting over 22 million users, and is especially prevalent in Asia.

Malvertising example #2: The PS1Bot stealth campaign

Parallel to the Kling AI scam, researchers have uncovered another malware menace named PS1Bot. This campaign used malvertising and SEO poisoning to lure victims into downloading a multi-stage malware framework called PS1Bot.

Here’s the rundown:

The infection starts with a compressed ZIP archive delivered via malvertising or SEO poisoning.

Embedded in the ZIP file is a JavaScript payload that acts as a downloader.

This downloader fetches a PowerShell script from an external server and executes it.

The PowerShell script is then responsible for retrieving next-stage commands from a C2 (command-and-control) server.

The commands allow the attackers to carry out a range of malicious tasks such as stealing passwords & crypto wallet seed phrases, recording keystrokes, performing reconnaissance inside infected systems, transmitting information about antivirus programs to the C2 server, and securing long-term remote access.

PS1Bot has been active since early 2025, using in-memory execution techniques to minimize forensic traces on infected systems.

Cisco Talos researchers have observed that PS1Bot’s multi-stage framework and C2 infrastructure overlaps with that of AHKBot (another malware).

But there’s one key difference: PS1Bot’s blend of PowerShell scripts and compiled code (C#) makes it stealthier and more powerful than AHKBot, which is based on AutoHotKey scripts.

Still, AHKBot was among several malware strains deployed during the 2025 U.S. tax season to infect user devices with credential-stealing Remote Access Trojans (RAT). The AHKBot attacks were primarily delivered through phishing emails. Ultimately, the ability of malware frameworks like PS1Bot and AHKBot to operate across both phishing and malvertising campaigns signifies the growing sophistication of modern threats.

Malvertising example #3: The Luma Labs illusion

Like the Kling AI malvertising attacks, the “Luma Dream Machine” ads promise free text-to-video or image-to-video capabilities.

Here’s how the Luma Labs malvertising scam works:

The download button on the spoofed Luma Dream site delivers a ZIP file with a malicious executable. The executable is disguised as an .mp4 file, hidden behind Braille Pattern Blank characters.

Essentially, a long string of Braille Pattern Blank characters (a special whitespace character) “separates” the .mp4 file from the .exe file. So, you don’t see the harmful executable and think you’re downloading a harmless video file.

Once you click, the STARKVEIL dropper deploys three payloads: GRIMPULL, XWORM, and FROSTRIFT.

GRIMPULL uses the Tor network to fetch additional .NET payloads from the attackers.

XWORM, a Remote Access Trojan, captures screenshots and gathers sensitive information from your device.

FROSTRIFT is a backdoor that focuses on reconnaissance and data theft. It scans Chromium-based browsers for 48 extensions related to crypto wallets and browser password managers. Once attackers have your info, they may drain your accounts and even create synthetic identities to commit further fraud (such as applying for loans in your name).

Malvertising example #4: The “white page” deception

Here, attackers use AI to generate “white pages” or benign-looking websites.

The AI-generated fluff is so convincing, even detection engines are giving it the green light.

Here’s how it works:

Attackers use AI to create decoy ads that are rigged to appear at the top of search engine results.

The ads often spoof popular and trusted brands, but once clicked, will redirect you to phishing sites or “white pages” that appear legitimate. The malicious content is actually “cloaked” or hidden from your eyes.

Malwarebytes researchers recently uncovered two AI-generated decoy ads. One targets users looking for the Securitas OneID mobile app, while the other targets users of the Parsec remote desktop app.

But here’s the irony: While human users can often recognize the cloaked, fake content of these AI-generated pages, automated security tools see them as benign.

To fully grasp the impact of malvertising, we must first explore the legal frameworks – or lack thereof – that govern this threat.

Is malvertising dangerous?

The short answer is yes.

Malvertising poses severe risks for both consumers and businesses, including but not limited to:

Financial losses through ransomware demands: 91% of cyber insurance losses were tied to malvertising ransomware attacks in the first six (6) months of 2025, with double extortion techniques rising in popularity. These techniques demand two separate payments, one to decrypt the stolen data and another to prevent public disclosure of that data.

Privacy breaches from stolen passwords and personal data: Scammers are increasingly using illegal streaming websites to steal everything from login credentials to crypto wallet info.

A 2025 Microsoft report reveals that a single malvertising campaign on a piracy website compromised one (1) million devices worldwide. In the attack, threat actor Storm-0408 embedded malvertising redirectors within movie frames to generate revenue from malvertising platforms.

Device malfunction from spyware and botnet infections: Both spyware and botnet activities can drain battery life, processing power, memory, and bandwidth, which degrades overall device performance.

Identity theft and the resulting reputational damage: Malvertising hurts both consumers and businesses. When users unknowingly give up payment details, login credentials, and Social Security numbers, they put their financial security at risk.

Meanwhile, your business may be blamed if those same consumers associate the malicious ad they clicked with your brand, which will in turn hurt your ad revenues and sales.

And that’s not all: If your employees click on risky ads that lead to compromised customer data, your brand may also face fines and lawsuits. The resultant negative publicity (especially on social media) can cause irreparable harm to your brand’s image.

Is malvertising legal?

Malvertising is unequivocably illegal.

It breaks laws like the Computer Fraud and Abuse Act (CFAA) and the Electronic Communications Privacy Act (ECPA). These laws address unauthorized access to computers and networks and prohibit the transmission of harmful code (malware).

However, the international scope of malvertising and ease of hiding behind fake identities make prosecution a challenge.

While the United Nations acted in early 2025 to formally define cybercrime and the response to it, consensus has proved elusive.

The point of contention seems to be the broad, ambiguous language of the proposed Convention Against Cybercrime treaty.

As it stands, authoritarian regimes fear the treaty will severely curtail their surveillance powers, while democratic nations argue there aren’t enough safeguards for privacy and free speech.

The lack of consensus ultimately stems from ideological differences in balancing security and human rights, so it remains to be seen whether member states will ratify the treaty.

Still, one popular brand made a stand back in 2009. After discovering multiple parties running fake ads for bogus “security software” on its platform, Microsoft filed five (5) lawsuits against the entities responsible.

These first-of-its-kind legal actions against malvertisers are the foundation for the fight we still wage today.

Next, we address the question on everyone’s minds: How safe are the ads we see daily?

Can I get a virus from an ad?

Unfortunately, yes.

Modern malvertising delivers viruses, ransomware, and spyware with little to no user interaction needed.

Some attacks infect devices through “drive-by” downloads, which some refer to as “zero-click malvertising.”

Here’s how it works: When you visit a malicious site, an exploit kit silently scans your browser, plugins, or applications for security vulnerabilities.

But what’s an exploit kit? Quite simply, it’s a collection of code that takes advantage of security flaws to install malware on your device.

And an exploit kit can install malware on your device without you clicking anything or interacting with an ad.

This is what makes it a “drive-by” attack.

According to Malwarebytes researchers, the 2015 MSN malvertising scam was one such attack, where just browsing MSN’s news and lifestyle sections exposed users to malicious ads that silently loaded the Angler exploit kit.

Angler’s role was to check the user’s browser version, plugins (like Flash or Java), or other system details to identify which vulnerabilities to exploit. Once it detected an unpatched vulnerability, Angler selected the appropriate exploit code to take advantage of it.

This is how malware was installed on user devices without any clicks or visible action.

Are Google Ads safe?

Undoubtedly, Google has invested heavily in its billion-dollar ad ecosystem, but no system is 100% foolproof.

Attackers are increasingly leveraging AI-generated Google Ads to launch sophisticated malvertising campaigns.

These campaigns often reach millions before being flagged, showing that even the largest platforms face an ongoing battle against malvertising.

That said, Google has taken key actions to protect users:

AI-powered fraud detection: In 2024, Google made 50 LLM (large language model) enhancements to better detect fraud signals across its platforms.

Ad removal and account suspensions: In 2024 alone, Google removed 5.5 billion malicious ads, blocked 415 million scam-related ads, and suspended more than 39 million ad accounts suspected of policy violations. This effort continues in 2025 and beyond.

Cross-industry cooperation: Along with the Global Anti-Scam Alliance (GASA) and DNS Research Foundation (DNSRF), Google co-founded the Global Signal Exchange to enable faster identification and disruption of fraudulent activities across platforms.

User privacy enhancements: Google has implemented on-device processing and the Privacy Sandbox to phase out third-party cookies. Two key components of the sandbox, Topics API and the FLEDGE API, are critical for your safety and privacy.

The Topics API ensures advertisers receive only general interest signals, not detailed behavioral profiles. This makes it harder for attackers to target you with tailored scams. Meanwhile, the FLEDGE API removes one of the main tools malvertisers use to track you across sites: third-party cookies.

Stricter content policies: Google has updated its Misrepresentation policy to prohibit impersonation or false affiliations with any celebrity, public figure, brand, or organization. Transparent disclosures are also required for AI-generated content and health claims.

While no ad platform can guarantee 100% safety, Google’s ongoing enforcement activities and industry collaborations make Google Ads one of the safest ad networks in 2025.

How can I detect malvertising in ad campaigns?

While it’s challenging to detect malvertising, here are four (4) key elements to look for:

Ads promising free AI-generated media or tools that require downloads

Suspicious file names with double extensions or overly long filenames intended to mask true file types

Urgent language pushing immediate action or mismatched domains (i.e. a link for a known brand that takes you to an unfamiliar site)

Unexpected pop-ups asking for excessive permissions

Note: As attackers scale malvertising campaigns with AI, poor grammar is no longer a reliable red flag. For example, the recent Kling AI and Luma AI campaigns used Facebook ads with convincing visuals and flawless grammar to successfully trick millions of users.

What is being done about malvertising?

Security organizations and law enforcement agencies across the world have joined forces to fight malvertising.

An example is the Trustworthy Accountability Group (TAG), an initiative established by the Association of National Advertisers (ANA), American Association of Advertising Agencies (4A’s), and the Interactive Advertising Bureau (IAB).

TAG’s mission is to fight fraud, malvertising, and internet privacy while increasing trust and transparency in digital advertising.

It does this by creating and maintaining voluntary certification programs for organizations across the digital ad supply chain.

In 2025, TAG significantly expanded its efforts, awarding a record 326 certification seals to 207 companies that adopted best practices around fraud prevention, brand safety, and transparency.

TAG’s Certified Against Malvertising program grew by 31% this year, reflecting the consensus against malvertising.

In addition, TAG also operates a threat-sharing platform called the AdSec Threat Exchange and has working groups like the Anti-Malware Working Group dedicated to coordinating knowledge sharing and defenses against malvertising.

Meanwhile, coordinated law enforcement campaigns like Operation Endgame have set a new standard for fighting cybercrime. The multinational effort involved the FBI, EU law enforcement agencies, tech experts, Europol, and Eurojust.

Beginning on May 28, 2024, this unprecedented operation disrupted more than 100 servers to defeat multiple malware variants. The operation hit at the core of at least four threat groups (IcedID, Smokeloader, Pikabot, and Bumblebee), crippling their infrastructure and sending a clear message that justice knows no borders.

How can I protect myself or prevent malvertising?

The best defense combines both technology and awareness:

Method	How it helps	Who it’s for	Examples
Server-side and client-side ad security tool	Real-time verification of digital ads to detect and block malicious content Malvertising Attack Matrix maps out tactics, techniques, and procedures (TTP) of threat actors in digital advertising	Businesses, publishers, advertisers	Confiant
Ad quality and security platform	Scans and blocks auto-redirects, malicious ads, and sexually explicit content	Businesses, publishers, and platforms	GeoEdge
Use industry-recommended ad blockers	Blocks malicious ads and tracking scripts Improves browsing safety	Consumers	AdBlock Plus, uBlock Origin, Ghostery, Privacy Badger, Surfshark CleanWeb
Keep OS, browser, plugins, apps, and antivirus software updated	Fixes security flaws or vulnerabilities attackers can exploit to deliver malware	Consumers and businesses	Regular updates from OS and software vendors
Be wary of ads offering free apps, miracle cures, or sought-after tools like AI text-to-video generation	Reduces your risk of malware infections	Consumers and businesses	Healthy skepticism and user vigilance prevents initial compromise
Adopt a Zero Trust mindset for brands	Assumes even trusted brands can be compromised Ensures verification before giving trust	Consumers and businesses	Verification with official channels before any download

Ultimately, malvertising thrives on surprise and trust. Staying informed and alert is your strongest defense against this threat.

LastPass: Your trusted ally against malvertising

LastPass doesn’t just store passwords.

It helps you fight malvertising with phishing-resistant protections.

Here’s how:

Secure autofill

With LastPass, you get safe, seamless logins with secure autofill that only works on trusted sites. This means you get safe browsing and a hassle-free way to protect your credentials from keyloggers.

AES-GCM-256 encryption and Zero Knowledge framework

Your passwords are the keys to your kingdom. With LastPass, you enjoy the same protections as the military, intelligence agencies, and world governments. This means you can have absolute confidence that your data is private and accessible only to you.

URL encryption

Every URL tied to login credentials is encrypted in your personal vault. This means attackers can’t match your passwords to specific sites, preventing them from hijacking your accounts.

FIDO2 MFA

With passkeys or hardware security keys, you get phishing-resistant, intuitive logins that block unauthorized access every time. This means your accounts stay safe, even if your password is compromised.

Dark Web Monitoring

With LastPass, you stay one step ahead with proactive alerts if your login info leaks on the Dark Web. This means you can act fast and avoid costly hacks.

LastPass is easy to use and keeps my passwords organized, something I never could manage before. I use it every day and every day I'm grateful for it (Patti T, author and verified G2 reviewer).

LastPass is so easy to use I have my elderly parents using it successfully. I like that for most Android Apps and desktop websites, LastPass can auto-fill with ease. I've been with this product for years now and had no issues or breaches that affected me in any way (Shandy O, computer specialist and verified G2 reviewer).

If you’re ready to join Patti and Shandy in having greater peace of mind, unlock your LastPass free trial today (no credit card required).

Type of account	Who it’s for	Free trial?
Premium	For personal use across devices	Yes, get it here
Families	For parents, kids, roommates, friends, and whoever else you call family (6 Premium accounts)	Yes, get it here
Teams	For your small business or startup	Yes, get it here
Business	For small or medium-sized businesses	Yes, get it here
Business Max	Advanced protection and secure access for any business	Yes, get it here