Cybersecurity May 21, 2026 7 min read

How does intrusive advertising threaten our online safety?

We tend to keep things in separate boxes: on one side, ads that are just "annoying", and on the other, viruses that are "dangerous". In fact, the line between the two has all but vanished thanks to what's now called malvertising. Let's break down a very real threat.

TL;DR

Malvertising (malicious advertising) lets an attacker install spyware or redirect you to a phishing site without you clicking anything — just because the banner loaded on the page. The Real-Time Bidding auction system means publishers can't actually control what they display. On top of that, dark patterns are interfaces designed to manipulate you. Blocking ads isn't a comfort feature — it's a cybersecurity measure.

Section 01

When an ad banner becomes a weapon

You don't necessarily have to click a dodgy link in an email to get hacked. Sometimes, simply visiting a perfectly legitimate news site is enough. Ad networks have become so complex and so automated — with that real-time auction system, Real-Time Bidding — that publishers no longer have any real control over what's served on their own pages.

Attackers buy ad slots completely legally. Then they inject malicious code into the ad. Just by loading the page, your browser can execute that code and quietly install spyware, or redirect you to a very convincing phishing page.

⚠ Drive-by download

This is the scenario where an infection happens without any user interaction. The ad loads, exploits a browser flaw (often in JavaScript handling or plugins), and installs malware in the background. No click, no download to confirm.

+42% increase in detected malvertising campaigns between 2023 and 2025, according to ENISA (the European Union Agency for Cybersecurity).

Section 02

Real-Time Bidding and the uncontrollable

Real-Time Bidding (RTB) has become the dominant way to buy advertising. In practice, when you load a page:

Your profile (assumed interests, history, geolocation) is sent to a bidding platform.
Hundreds of advertisers are notified in parallel and place a bid.
The highest bidder wins — in just tens of milliseconds.
Their ad creative is injected into the reserved slot on the page.

The problem is structural: the publisher never sees the ad before it shows up. They have no practical way to verify whether the banner code is legitimate, whether it contains an abusive tracking script, or worse, an exploit. RTB platform controls do exist, but they're largely insufficient given the volume — tens of billions of transactions a day.

The Interactive Advertising Bureau (IAB) has tried to standardise things (ads.txt, sellers.json) to limit fraud, but malvertising remains one of the most profitable angles of attack for cybercriminal groups.

Section 03

Scams by manipulation: dark patterns

Beyond the pure technical hacking, intrusive advertising leans heavily on "dark patterns". These are interfaces designed to deceive you:

Fake close buttons: you click the X to close the ad, but it's actually a clickable button that opens the ad network.
Scare prompts: "Your PC is infected, click here!", "You've won an iPhone, claim it now!".
Fake system buttons: banners mimicking Windows or macOS notifications to push you into installing a fake antivirus.
Confirm shaming: "No thanks, I'd rather pay more for my insurance" instead of a simple "No".
Roach motel: easy to sign up, almost impossible to unsubscribe.

These practices are now explicitly addressed by the EU's Digital Services Act and, in France, by the CNIL. Fines are climbing — but the gap between the fine and the profit made still tilts heavily in favour of malicious advertisers.

Section 04

Real cases: who's already been hit

Malvertising isn't a theoretical threat. A few documented examples from recent years:

The New York Times and the BBC unknowingly served banners containing ransomware code (2016, but the pattern is still around).
Forbes, MSN, AOL and several major portals were contaminated by the "AdGholas" campaign, which specifically targeted out-of-date browsers.
YouTube has, on several occasions, shown pre-roll ads redirecting to phishing sites imitating Google or Microsoft.
French news sites served banners in 2024 that exploited a zero-day Chrome flaw before it was patched.

What they all have in common: no malicious site. No booby-trapped download. Just a legitimate site, a poisoned banner that slipped through controls, and a user whose browser wasn't up to date.

Section 05

How to protect yourself in practice

Fighting ads with solid tools like Sheeldy isn't just a matter of visual comfort — it's a genuine baseline cybersecurity hygiene measure. The concrete actions, in order of impact:

1. Keep your browser and OS up to date

The vast majority of malvertising campaigns exploit flaws that have already been patched. Turn on automatic updates. It's free, and it's the most effective defence.

2. Install an ad blocker

uBlock Origin on Firefox, Brave natively. Not for the comfort — but because a banner that doesn't load is a banner that can't attack you.

3. Disable unused plugins

Flash, Java, old built-in PDF readers. These dated components are classic gateways for drive-by downloads.

4. Cut the data collection that fuels targeting

Malvertising campaigns work via targeting — they go after specific profiles. The more detailed your profile is at the data brokers, the more attractive a target you become. Removing your data at the brokers (which is exactly what Sheeldy does) mechanically reduces your odds of being targeted.

Frequently asked questions

What is malvertising?

Malvertising (a contraction of malicious advertising) is the injection of malicious code into legitimate ad slots. The attacker buys an ad placement via an automated auction system, slips in a script that exploits a browser flaw, and any visitor whose browser loads the ad can be infected — without even clicking on it.

Do you need to click an ad to be infected?

No. In a malvertising drive-by download, simply loading the banner runs the malicious code. No click, no confirmation needed. A cautious user who never clicks on ads can still be compromised.

What is Real-Time Bidding (RTB)?

An automated auction system that decides in milliseconds which ad will be shown on the page you're loading. Your profile is auctioned off to hundreds of advertisers, the highest bidder wins, and their banner is injected. The publisher doesn't control what's displayed.

What is a dark pattern?

An interface deliberately designed to trick or manipulate you: fake close buttons, scare prompts, threatening red buttons placed where you expected a neutral confirm button, opt-outs buried behind ten submenus. The French CNIL and the EU (Digital Services Act) now explicitly sanction these practices.

How can you protect yourself from malvertising?

Four combined measures: an up-to-date browser (patches close the exploited flaws), a solid ad blocker (uBlock Origin on Firefox, Brave), an active antivirus with web detection, and data removal at the brokers so you're no longer targeted.

Factual sources Reports from the European Union Agency for Cybersecurity (ENISA) on malvertising and drive-by downloads · Harry Brignull's reference work on dark patterns · The EU's Digital Services Act (DSA) · IAB documentation on ads.txt and sellers.json.

In a nutshell

Intrusive advertising isn't just a comfort issue anymore. With malvertising, Real-Time Bidding and dark patterns, it has become a cybersecurity attack vector in its own right. Protecting yourself means blocking downstream (adblocker, up-to-date browser) and upstream (removing the data that feeds the targeting). That's exactly what Sheeldy promises: cutting the chain where it's still reversible.