What is Malvertising: Defined, Explained & Explored

We could call malvertising the bogeyman of digital media, except that unlike a bogeyman, malvertising is both scary and real. 

It affects users around the globe every day — and its effects are often immediate and visceral. Malvertising is, to the broader public, the face of ad security and quality.

More accurately, to those in the industry, malvertising is the face of the enemy of ad security and quality. Malvertising has been around for as long as digital advertising has, and malware has been around as long as it’s been possible to compromise the security of devices, programs and platforms. 

We’re here to explain what malvertising is, how it behaves, and how it can be prevented in today’s world. We’re here to underline the threats to users and to other digital businesses, to describe warning signs of malvertising before they become a serious problem, and to illuminate a path forward, where publishers can monetize their ad inventory and ad platforms can trade freely with their partners without the overhanging threat of malvertisers driving away their audiences and damaging their bottom line.

 

What is Malvertising

“Malvertising” simply means “malicious advertising.” More specifically, the term “malvertising” refers to digital ads that are either designed and deployed with explicitly malicious intent, or compromised by bad actors. 

There are many different forms of malvertising categorized by the various actions triggered when the malicious ad reaches the user’s screen, by the vector of attack, and by other factors. But the common element is the use of the ad creative, or any vulnerable points along the ad supply chain, to negatively affect the end user.  

When malvertising reaches its target user, which could be a broad target, or a target as specific as a typical legitimate ad campaign will aim to reach — it deploys its payload. The payload is whatever malicious entity the ad delivers:

• Malicious code — A script engineered to execute an action, whether or not the user interacts with the ad 
• Malware — Malicious software, placed on the user’s device without the user’s consent and with the intent to compromise the user’s browser or device 

 

Malware vs Malvertising 

Malware and malvertising overlap with each other, but aren’t the same thing. Malvertising may contain malware, and it may direct the user to a landing page where they are prompted to download malicious software. A malicious script, by contrast, can trigger software already on the user’s device to perform an action. Some malvertising campaigns entice the user to take action on their own, with no additional software or scripts involved. And malware can reach a user’s device through points other than the ad slot, including the browser or a corrupted program or file. 

To the user, malvertising may appear frightening or annoying, or by contrast, the user might not even notice its effects. But malvertising isn’t just a bother — it’s a criminal enterprise. Malvertisers are commonly out for the user’s credit card or banking information, either to steal money from them or to sell that data to other criminals.

 

Where Does Malvertising Come From

Malware slithers its way through advertising into users’ devices in a variety of ways – through every- thing from direct-sold campaigns to indirectly sold ads from exchanges or networks. 

 

Where Can Malware Hide? 

• On A Landing Page 
• In the Delivery Path 
• Embedded In the Creative 
• Within a Pixel
• Within a Video

 

Malvertising and the Advertising Ecosystem

Malvertising comes from third parties that, in one way or another, have access to a publisher’s ad slots and/or the creative that renders in them. Often a malvertiser will execute a media buy starting from the DSP, just like any legitimate advertiser. 

In other cases, the malvertiser will insert its payload via inventory reselling, or some other unsecured point in the supply chain. For the malvertiser, this is an efficient and scalable method of causing harm. There’s no need to take control over the publisher’s entire site or server, and typically there’s no need for the user to perform any action other than loading a web page. A malvertising campaign can have international reach, and can be targeted to particular geographic regions, demographics, or device types. 

Malicious code in an ad creative will take the form of a URL. Ad scanning tools at points along the supply chain will scan the creative’s code for suspicious URLs, but malvertisers get past scanners by using cloaking — hiding their real URLs within code that looks legitimate (for example, resembling the URL of a legitimate company) or at least innocuous to a scanner or human QA. The cloaked URL slips past these relatively low-tech security measures and reaches the user’s screen undetected.

Malvertisers commonly take advantage of opacity of the programmatic market. Between the DSP and the publisher sit any number of SSPs, ad exchanges and ad networks — a web of supply paths where bad ads can pass. Accountability may be tricky among programmatic players — most users aren’t even aware of the existence of the intermediaries along the supply chain, so those intermediaries have little to lose in the PR game. And many criminal malvertising enterprises exist beyond the borders of their target users — out of local jurisdiction, and extremely difficult to prosecute. 

Malvertising is not limited to programmatic channels, though. Direct-sold advertising may also be compromised. 

 

Malicious Ad Delivery Timeline 

There are several paths malvertisers can pursue to reach their target user. Here are some of their options, which can execute in standard display, video or in-app environments:

• Embedding the payload in the ad creative. The payload will then be deployed when the ad loads on the page. The creative may appear to be “clean,” because the bad URL is cloaked and is only revealed when the page loads or the user clicks on the ad.
• During the ad call. A bad actor inserts harmful code into the supply path as the ad is being called.
•  Post-click. The user clicks on a malicious ad. A series of URLs are called to bring up the ad’s landing page. Malicious code may be inserted by any third party along that path.
• Embedding the payload in a tracking pixel. Just like any tracking pixel, a malicious pixel signals to the malvertiser that the user has interacted with the ad in a specific way — at which point the pixel triggers the payload.

 

How Malvertisers Set Up Malicious Campaigns 

Step 1: Recon

Malvertisers evaluate consumer behavior and trends within various countries creating attack blueprints including creatives landing pages that will best suit the targeted users.

Step 2: Probe

Much like traditional marketers, malvertisers test the effectiveness of their campaigns by first launching probing campaigns to gauge which campaigns prove most effective.

Step 3: Scale

Capitalizing on their short window of opportunity, once the malicious campaign reaches the target ROI, the attack is scaled to reach a wider range of users. 

Step 3: Vanish

Knowing their window of opportunity will inevitably come to a close, the malicious campaign is deactivated as security defenses begin to block the attack. 

Step 4: Reset

Malvertisers return to the drawing board, with their sights set on their next malicious scheme and return to probing attacks. 

 

How a Malvertising Campaign Runs When it Starts at the Beginning of the Supply Chain and Evades Detection:

• Creative review: The campaign is submitted to the DSP and undergoes pre-flight review for ad quality issues and spec compliance.
• DSP-level scanning: Automated tools inspect the creative’s code for potential hazards.
• Launch: The cloaked “bad URL” has successfully hidden the identity of the buyer and the nature of the campaign, and the campaign begins to progress along the supply chain.
• Bypassing scanners: The bad ad is designed to reveal its real (malicious) URL to a human user, and to hide it in a non-human environment. Scanners are non-human environments. Ad platforms and other vendors fail to detect the bad code via simple scanning.
• Bypassing blocklists: Because the real URL is cloaked, it fails to match against platforms’ and publishers’ lists of prohibited URLs (known bad actors and unwanted advertisers).
• Impression and payday: The ad reaches the user’s screen, where the payload is deployed directly to the user and their device.

 

Types of Malvertising 

Just as malvertising and malware are frequently conflated, so are malvertising and adware. Again, there’s a difference. 

Malvertising takes advantage of normal digital ad distribution channels. Adware is software designed to render ads to the user. Sometimes adware is legitimate, and the user has consented to it — for example, as a way for a developer to monetize software that is otherwise free to the user. But sometimes adware is placed on the user’s device without the user’s consent. In either case, whether the developer has ill intent or their software is compromised, adware may contain malware.

Malvertising itself, as we’ve said, takes many forms, through many vectors of attack. Here are some common forms of pre-click and post-click malvertising, and how they’re deployed:

• Auto-redirect: Malicious code takes over the ad unit, expanding the creative to fill the screen, with no option to close the ad. The creative directs or links the user to a malicious landing page, the app store, or a phone number for a phishing scam.
• Drive-by download: With or without their consent, or full knowledge of its contents, the user downloads an exploit kit, which executes a malicious action on the user’s device or browser.
• Deceptive ads: Ads with misleading or deceptive creative, deployed for a number of strategies, including linking the user to a phishing scam or selling subpar or non-existent products.
• Worm: A script written to copy itself and spread to other devices.
• Trojan horse: Software, sometimes downloaded willingly by the user, that creates a backdoor for bad actors to enter.
• Spyware: Software that sends data to the malvertiser about the user, who is not aware it’s on their device.
• Ransomware: The payload locks the user’s device or account, and prompts them to pay to unlock it. 
• Scareware: The ad creative tells the user their device is at risk, and prompts them to download a malicious “solution.”

 

Examples of Malvertising 

Beyond the general categories of malvertising, the digital media industry has seen several prominent and recurring malvertising campaigns in recent years. These campaigns have been detected by GeoEdge, whose security researchers quickly came to understand the campaigns’ behaviors and characteristics. Here are some pervasive, distinct malvertising campaigns GeoEdge has studied:

Impostor: This attack redirects the user to a page that resembles a local or regional law enforcement site. The malicious code then takes over the browser, changing to a full-screen box with no exit option, and displays a message telling the user they owe a fine, and that paying the “fine” will unlock their browser.

Hermexx: This is a bitcoin-related cloaking scam. It fingerprints the user’s device and environment, including factors like time zone and IP. It will commonly show a sensationalistic or clickbait-style message in the creative, which can be served through server-side and client-side channels. When a non-targeted user clicks on the ad, they’ll be taken to a harmless site. When a targeted user clicks, they’ll be taken to a site for a cryptocurrency scam.

Morphixx: When this campaign first appears at the DSP level, it does not have its payload within. This allows it to bypass creative scanners, and sometimes a fake URL counterfeiting the URL of a legitimate advertiser also helps it pass. After several days, ad platforms are acclimated to the campaign’s presence, and at that point its ads are deployed with the malicious payload. Morphixx uses IP data to geotarget users, and to serve a personalized message in the creative and landing page (which is common practice in contemporary ad targeting, but previously less common in malvertising) claiming to be the user’s ISP, using the ISP’s branding and local language. The landing page prompts the user to complete a survey or sweepstakes, which are the means to extract personal information. Sometimes these landing pages will go so far as to include fake comments from fake users about the survey and the rewards they won.

 

Malvertising in Landing Pages 

In many malvertising campaigns, the most harmful elements are not actually carried in the ad creative itself. Often, the creative will appear on the page to function like a normal ad, and only when the user clicks through will they land on a page that contains malware or a setup for a scam. As such, anti-malvertising efforts need to inspect not only the ad creative, but the landing page behind the ad.

 

How Do Malvertisers Evade Detection?

Cloaking hides both of these pieces — the creative the user sees, and the landing page it leads to. The malvertiser will launch a campaign using ad creative in disguise — as it passes down the supply chain, the creative will appear to be harmless and legitimate at first glance.

Scanning will reveal a landing page URL that also appears to be legitimate. When the ad reaches a human environment, its code will automatically swap that false creative for the real creative the malvertiser wants the user to see. 

The code will also make the real, malicious URL interactive for the user, so it links to the unsecure landing page. The landing page may even appear legitimate to the user — counterfeiting the design and branding of a premium publication or brand, and/or with a URL that appears to represent a well-known company.

This whole process is designed to take advantage of the user’s trust in the brand they think they’re interacting with, and the publisher that hosted the ad. But the malicious landing page will, with or without the user purposefully initiating a download, deliver malware to the user’s device; or prompt the user to begin communicating directly with the malvertiser, who will try to extract personal information or money from the user.

 

Trends in Malvertising: Fake Ads 

Malvertising has historically been challenging for publishers and platforms to combat because of the technical sophistication of malvertisers. Digital professionals often speak of malvertising prevention as a game of Wac-a-Mole  because whenever they come to understand one campaign, bad actors confuse them by deploying new tactics through new vectors of attack. 

Publishers and platforms rarely have the resources to keep up with new attacks on their own, and need assistance from an ad quality vendor, whose technology is advanced enough to continually block even brand-new malvertising attacks.

In 2020, the industry saw a dramatic increase in attacks that totally evaded ad scanners — because the creative in these campaigns doesn’t use malicious code, but instead uses a creative that plays with the user’s psychology and engagement with page content. 

 

Examples of Fake Ads

The strategy is to entice the user to click on an ad, where they’re led to an unsafe or untrustworthy landing page. With the COVID pandemic keeping millions of people at home and extremely online, the industry saw a rapid uptick in ads featuring:

• Misrepresented medical equipment. This includes ads for subpar face masks, COVID tests or treatments that don’t even exist, treatments and equipment that are not government-approved for medical use, and products that don’t resemble the images used to advertise them.
• Surge prices. Some bad actors sold hard-to-find medical equipment at predatory prices, a tactic premium publishers generally don’t want their advertisers to employ.
• Tabloid-style celebrity images. These include classic clickbait “celebrities in peril” headlines (“You won’t believe what happened to…”) and ads suggesting falsely that a celebrity has endorsed the product. 

In an environment where users are online for much of the day and also on edge, waiting for solutions to COVID-related issues, these fake ads are especially effective and dangerous. To combat them, publishers and platforms need to be able to inspect landing page content.

Mobile Malware Threats 

The small screen offers particular opportunities for malvertisers. Users on mobile are often in a hurry, looking for a quick solution, so they have little patience for interruptions. Small screens with delicate response make erroneous clicks on ads a nearly inevitable phenomenon. 

Unfortunately, there is sometimes a symbiotic relationship between app developers and ad platforms: If an ad platform is paid on a CPI (cost per install) basis, and if a developer relies on that platform to distribute ads to drive up downloads of the app, then the platform is essentially incentivized to run more ads from buyers they’re not necessarily familiar with yet. This makes it easier for bad actors to slip their campaigns through.

Auto-redirects affect both mobile and desktop, but especially mobile — GeoEdge research found 72% of all redirects occurred on mobile.

 

How Auto-Redirects Work

• The bad actor will place malicious code in the ad creative either when the ad is called, or post-click. 
• Because of when and where the bad code is inserted (that is, while it’s en route to the user), the ad platform would not have been able to detect it — at least, not without a real-time solution for detecting and blocking bad ads.
• When the user opens a site or app, the bad ad will take over the screen. From there, it might direct the user to the app store to download an unwanted app. Or, it might show a message saying the user has won a gift card, or been invited to take part in a survey, or been exposed to a system risk that can only be fixed by clicking through.
• If the user clicks through, they will be directed to a phishing scam or a prompt (obfuscated or not) to download malware.

An auto-redirect can send a user directly to the app store for the same reason a user can easily click through from, say, a browser or an email, to content in an app that’s already on their device. (Think of clicking through a link to see particular content in Twitter, LinkedIn, or your health provider’s app containing COVID test results.) The malicious redirect, however, will commonly no longer work after the first time it’s launched, making it challenging for publishers to trace and troubleshoot manually. 

 

Dangers of Malvertising 

The most immediate and damaging effects of malvertising are effects on the user. At best, malvertising is annoying and disruptive.

For example, to make an auto-redirect on mobile disappear, the user would most likely need to turn off their phone, delaying their ability to access important information on the go.

 Or, unwanted pop-ups and pop-unders can slow down or temporarily freeze a user’s browser. Let’s not forget spyware and other malware that runs totally undetected on a user’s device — the user could see reduced battery life or a slower-running system without understanding the source of the issue.

At worst, when the malvertiser is actually successful in their attempts to deceive and defraud, the user is effectively robbed. If they are convinced to pay money, or to share personal information such as a Social Security number or banking details, pursuing those bad actors for criminal activity could range anywhere from prohibitive to impossible. 

Prosecuting malvertisers and overseas scammers is arduous and requires the participation of multiple law enforcement divisions. And as we’ve also said, malvertisers commonly sell the user data they’ve obtained to other criminals. The affected user could easily be robbed again, by an even more distant entity.

Malvertising can discourage users from trusting not only the site where they had been attacked, but from trusting digital media in general. In an era when many premium publishers feel the need to encourage users to trust and be well-informed by their content, and to push hard against the effects of misinformation, the appearance of malvertising on their site sets back a publisher’s efforts. Even when the user is not attacked with a redirect or enticed to click through to a bad landing page, the mere appearance of suspicious or salacious ads can chip away at their trust.

 

The Cost of Malvertising for Publishers & Platforms 

Malvertising can cost publishers and platforms in the moment and into the future, in time and resources spent cleaning up bad ads, and in loss of potential revenue. 

The GeoEdge team estimates that malicious activities cost industry stakeholders publishers upwards of $1B million annually, including identification, documentation, and remediation.

When a malvertising attack hits its site or platform, a business needs to act swiftly, in order to protect its users from harm, and/or reassure its partners of its high standards and professionalism.

The process of tracing the source of bad ad — including communicating with demand sources and other supply-chain partners — is time-consuming and exacting, and it takes digital professionals away from the projects that help move the business forward. Meanwhile, troubleshooting by turning demand partners on and off leaves revenue on the table.

 

Ad Blockers 

As users take matters in their own hands and begin installing ad blocking software, they chip away at the publisher’s ability to monetize their sessions. And the effects are permanent, for the lifetime of their relationship with the site (and any site). Ad blocking software is a real threat to publishers’ livelihoods — by some estimates, it costs publishers globally anywhere from $16 billion to $78 billion per year.

 

How Malvertising Affects Revenue 

When users choose to avoid a site because they believe it’s unsafe or the publisher doesn’t value their engagement, there’s a ripple effect on the business’s bottom line. The publisher loses the ability to monetize the lifetime value of that user. Having a reputation for hosting bad ads can not only decrease traffic for a publisher, but also harm any publisher’s or platform’s efforts to solidify relationships with business partners. Publishers will choose to de-prioritize or not work with platforms known for hosting bad ads, and quality advertisers 

Malvertising incidents can easily lead users to download ad blockers. Aside from the fact that these ad blockers prevent publishers from monetizing users’ sessions, some ad blocking software makes for worse user experience. The software may slow down page load — and some ad blockers don’t even block all ads, but allow ads from buyers who have paid the software developer to be whitelisted. And some of those ads could still contain malvertising.

Diminished traffic and reputation drives down CPMs, and opens the door to new ad quality issues from malicious or low-quality advertisers to whom higher CPMs would be a barrier to entry.

 

Anti Malvertising: Techniques for Detecting Malware 

Without the aid of trustworthy, high-tech solutions for detecting malvertising or malware and keeping it from your site and platform, the process can be daunting. Homegrown or low-tech processes can be heavily manual, error-prone, and reactive rather than proactive.

For many publishers who choose to handle malvertising outbreaks on their own, the first sign they see of their site being affected will be from users, reaching out via email or social media. And frequently, malvertising attacks occur after business hours or on weekends.

An attack can set off a mad dash to remove the bad ads from the site and try to trace them back to their demand sources — especially frantic when an attack comes during nights or weekends, as is often the case.

So how do anti-malvertising researchers detect malvertising? 

• Signature-based 
• Checksumming
• Reduced masks 
• Known plaintext cryptanalysis 
• Statistical analysis 
• Heuristics 

 

Creative Wrapping vs  Page Protection 

Creative wrapping can be compared to a security guard defending the entrance of a single room in your home. While the guard may prevent some attacks, their defenses are not strong enough to thwart all malicious attempts. Creative wrapping works similarly by creating a container around ad units on the webpage.

Developed by the IAB  through industry-wide input, designed for scalability and efficiency, SafeFrame technology tightens up vulnerabilities in ad slots that malvertisers and scammers have long used to launch attacks on unsuspecting users. Google even serves custom and third-party creatives (from a third-party ad server) into SafeFrames by default, and recommends publishers work with advertisers and creative providers (including agencies) to ensure SafeFrame compatibility. However, SafeFrames by no means provide airtight security measures, and publishers employ a variety of DIY reinforcements and vendor-provided tools to reinforce SafeFrame tech. 

Whereas, page-level protection requires a single line of javascript which covers every ad unit on your site. Rather than having a single security guard for one room in your home, page level protection guards your entire digital property with a virtual barrier. Once the script is implemented, page-level protection monitors everything on the page. However, not all page-level defenses are created equal. It comes down to how sophisticated your security defenses are.

 

Preventing Malvertising 

Publishers and ad platforms use any combination of common preventative methods to stop malvertising before it can affect users including:

• Blocklists. URLs and domains used by undesirable advertisers — including bad actors in the ad ecosystem — should be proactively blocked. However, blocklists only work well at stopping known bad actors, not newly-emerging threats. Also, bad actors can evade blocklists by frequently changing the URLs they use.
• Real-time detection and blocking of bad ads and landing pages. Because malvertising campaigns evolve and spread so quickly, real-time protection is the most comprehensive and fail-safe protection. A well-established real-time solution, like GeoEdge’s, will be able to detect patterns in creative code that resemble already-known malvertising code — thereby allowing the publisher or platform to stop and inspect a new potential threat before it’s trending. Automated QA also speeds up in-house workflow, and allows publisher and platform teams to focus on more strategic monetization efforts.
• Manual review of ad creative and tags. Manual review may be time-consuming, but it’s still an important part of malvertising prevention. There is always a place for human insights drawn from an understanding of the full context in which the user will be seeing the ad.
• Scanning along the supply chain. All legitimate entities along the ad chain should scan creatives for potential hazards — all stakeholders need to contribute to a safe and transparent marketplace. However, scanning is a fairly basic security measure, and it looks at only a sample of all the ads coming through. Even without cloaking — which is designed to evade scanners — bad ads could easily pass.
• Buyer/partner vetting. Understanding your prospective ad partners’ history of managing malvertising threats (or failing to do so) can help you make the right decisions, with the right level of risk, for your business. Talk with your industry peers about their experiences with your prospective partners as well.

 

Red Flags Indicating Your Malvertising Protection Isn’t Effective

The old adage “You don’t expect it to happen until it happens to you” feels familiar to many publishers and ad platforms. It’s common enough to believe that because you’ve never been hit by a malvertising attack, your existing security efforts must be sufficient. Naturally, being under attack changes that attitude quickly, and calls for enhanced security just as quickly. Here are some signs that your site or platform’s security might be impacted by malvertising, before the problem becomes grave:

• Reduction in measured time on site, session depth, or overall revenue — or increase in bounce rate. These are signs that your users may be experiencing something on your site that leads them to leave early and, as such, monetize your site less. If these KPIs are dipping, inspect all the ads on your site, and continue to monitor all ad inventory.
• Sudden increase in CTR on display ads. CTR in the 2020s is generally low — but clickbait-style “fake ads” favored by malvertisers today have unusually high CTR. This ostensibly positive development might actually indicate your site is under attack and your users are being duped.
• In-banner video on the site or platform. This is not necessarily a sign that you’re currently under attack, but it is a good indicator that one or more of your demand partners has been compromised, or is dropping the QA ball. IBV is broadly considered undesirable by premium publishers and premium advertisers alike. Tell your demand partners if you’re seeing IBV, and ask for details about their security measures.
• Negative social media mentions. When a user wants to complain to a company, it’s often faster and more convenient for them to do so on Twitter, Facebook or a customer review site than it is to email the company. A publisher or partner’s customer support team must remain vigilant and search for mentions of the company’s name — which could alert CS to a systemic problem such as a burgeoning malvertising attack.

You can mitigate rising malvertising threats by regularly communicating with your demand partners, and understanding what threats they and their partners have seen. In the event of a serious attack, consider partnering with an ad quality vendor that can be integrated and start blocking bad ads quickly, as GeoEdge can. 

 

Removing Malvertising 

When your site or platform has been infected with malvertising, it’s essential to immediately remove those bad ads and stop the campaigns they’re associated with. But there are other steps you can take to remove any traces of those campaigns in the short run, before progressing to a long-game strategy for malvertising prevention.

Make all possible efforts to trace those bad ads back to their source(s) — and investigate all possible sources. Naturally, some partners may not be so forthcoming or eager to own accountability. 

Communication is crucial, as any one entity along the supply chain can pass along bad ads to multiple partners and ultimately infect a broad swath of sites. Ask your partners about threats they’re looking out for — and talk with your peers. Publishers should talk with other publishers about the malvertising instances they’ve experienced or been on the alert for. It’s in the best interest of the entire digital industry, and its financial stability, to be open and transparent about threats to user experience (and especially threats to users’ wallets). 

A trusted ad quality and security vendor is a vital ally in promptly stopping and removing malvertising from your site or platform, and in blocking future malvertising campaigns before they reach the user. Specialized vendor knowledge and experience can drastically reduce the amount of time your teams need to spend troubleshooting ad quality issues and gaining insights from around the ad ecosystem. 

 

Malvertising Protection: Solutions Beyond Security 

Seeing as malvertising is so complicated that even guide such as this demands such a broad and wide-ranging explanation, it makes sense ad security and quality is a thriving subset of the digital ad industry. The rapid spread of auto-redirects alone spawned a cottage industry of solutions aimed specifically at stopping redirects. But in choosing an ad quality partner, it’s deeply important to work with a partner that has shown success in combating a wide range of ad security and quality issues, not just the malvertising trend du jour.

GeoEdge is that seasoned, comprehensive partner publishers and platforms can rely on for the long run. In vetting a partner to help prevent malvertising and a wide variety of other security and quality threats, ask whether your potential partner has these characteristics:

• Real-time detection and blocking capabilities. The threat of malvertising is too great to digital company’s users, partners and overall business to manage it after the fact — and today’s malvertisers are too wily for anything other than real-time blocking to suffice.
• Holistic ad security and quality solutions. Malvertising is truly the tip of the iceberg, and a real ad quality partner addresses less-obvious threats to users, as well as the concerns advertisers have about the environments where their ads appear.
• QA automation. Automation allows your in-house teams to focus on growing your ad-related business, not just maintaining the business you have.
• Success in multiple environments, including desktop, mobile and in-app. Don’t make the mistake of focusing on one vector of attack, at the expense of the next vector malvertisers might favor.
• Specific content categorization. For brand safety, for good user experience, and to maintain users’ trust in a publisher’s site, ad content and page content must be aligned. Among publishers, 91% believe heavy-handed and overly broad blocklists hurt their overall revenue. More control over categorization allows in more of the right ads for the right environment.
• Ability to monetize when a bad ad is blocked. When GeoEdge blocks an ad, it inserts a clean ad the publisher has approved in advance, so the user’s session will still be monetized fully.
• Years of experience. Look for a partner who has persevered through several waves of malvertising trends, and has shown a positive track record throughout. A trustworthy partner should have deep experience and a commitment to continued research and product development.
• Service. An ad quality partner must deliver not just technology, but human response and understanding. Look for customer service that responds rapidly and internalizes the needs and desires of your business.

GeoEdge is unique among ad security and quality vendors in that it embodies and enacts all of these characteristics, and serves as a committed partner to your business rather than simply a vendor. True ad quality partnership transcends malvertising and malware, and addresses the countless subtleties and unseen threats in digital media. 

Reach out to the GeoEdge team today to learn what we can do together to detect and stop malvertising — and any other ad quality and security issues affecting your business, users, customers, clients and partners.