Online advertising, at its best, connects consumers with relevant products. But a new report reveals a darker side: malicious ads have overtaken email scams and direct hacks as the primary channel for spreading malware, posing a growing threat to individuals and businesses alike. This shift underscores a fundamental vulnerability in the increasingly complex digital advertising ecosystem.
The findings, shared exclusively with Business Insider by digital safety company The Media Trust, highlight the dangers of programmatic advertising – the automated buying and selling of ad space in real time. According to the report, advertising accounted for more than 60% of malware and phishing campaigns observed in 2025, a significant increase from previous years. Instances of malware delivered through programmatic channels grew by 45% year-over-year.
The Rise of Programmatic Advertising and its Security Risks
Programmatic advertising has turn into the dominant force in the $791 billion digital advertising space, offering efficiency and precision targeting. However, this efficiency comes at a cost. The speed and complexity of programmatic systems create opportunities for malicious actors to inject malware into the ad supply chain. The report points to the increasing sophistication of cybercriminals, who are exploiting the numerous vendors involved in programmatic advertising to conceal their activities and evade detection.
The proliferation of artificial intelligence is further exacerbating the problem. AI-powered tools create it easier to generate convincing, yet harmful, advertisements, including increasingly realistic celebrity deepfakes designed to trick users into clicking malicious links or downloading infected files. This targeted approach allows attackers to focus their efforts on the most vulnerable individuals, maximizing the impact of their campaigns.
Expanding Attack Surfaces: Connected TV and Beyond
The threat isn’t limited to traditional online advertising. Programmatic advertising is rapidly expanding into new areas, such as connected TV (CTV), digital out-of-home displays, and retail media networks. As ad dollars flow into these new channels, cybercriminals are following suit, seeking to exploit vulnerabilities in these emerging ecosystems.
The complexity of the adtech landscape – the network of companies and technologies that power programmatic advertising – presents a significant challenge. Cybercriminals are adept at exploiting the sprawling chain of adtech vendors to obfuscate their tracks, despite ongoing industry efforts to combat ad fraud. The report notes that despite years of work to root out scammers, malicious actors continue to find new ways to exploit the system.
The Vulnerability of Websites and Apps
Chris Olson, CEO of The Media Trust, highlighted a fundamental vulnerability that underpins the problem. He stated that approximately 80% of the source code on most websites and apps is dedicated to collecting data and monitoring user behavior. This pervasive data collection creates a prime mechanism for bad actors to exploit, gaining access to sensitive information and spreading malware.
Protecting against these threats requires a multi-faceted approach. Consumers can seize steps to protect themselves by carefully verifying the legitimacy of ads and websites before clicking or making purchases, and by promptly reporting any suspected scams. Advertisers, meanwhile, have a responsibility to demand greater security from their adtech partners and to advocate for stronger regulations and law enforcement efforts to combat digital crime.
Olson emphasized that while brands invest heavily in protecting their own reputations – spending billions to ensure their ads don’t appear alongside inappropriate content – these efforts often fail to translate into comparable improvements in consumer safety. “People have continuously been thrown under the bus,” he said.
What Can Be Done?
The report suggests several key areas for improvement. Strengthening security protocols throughout the adtech supply chain, enhancing transparency, and promoting collaboration between industry stakeholders are crucial steps. Increased investment in AI-powered threat detection and prevention technologies is essential to stay ahead of evolving cyber threats.
The rise of malicious advertising represents a significant challenge to the integrity of the digital ecosystem. Addressing this issue requires a concerted effort from consumers, advertisers, and regulators to create a safer and more secure online environment. The Media Trust’s findings serve as a stark reminder that vigilance and proactive security measures are paramount in the face of increasingly sophisticated cyberattacks.
Looking ahead, the industry will likely face continued pressure to address these vulnerabilities. Ongoing discussions regarding data privacy regulations and the responsible use of AI in advertising will undoubtedly shape the future of programmatic advertising and its security landscape. Further reports from The Media Trust and other cybersecurity firms are expected to provide ongoing insights into emerging threats and best practices for mitigation.
Have thoughts on this evolving threat? Share your comments below and let us know how these findings impact your online experience.
