People who spend time online are no strangers to digital advertising. From pop-ups that interrupt browsing sessions to sponsored posts on social media and banner ads embedded in news articles, advertising has become an inseparable part of the internet experience. However, a recent study conducted by The Media Trust has revealed a troubling trend: in 2025, nearly 60% of malware and phishing incidents were linked to online advertisements.
This finding signals a shift in how cybercriminals operate. While email has long been considered a primary vehicle for spreading malicious software, online ads are now playing a more active and sophisticated role. Rather than simply serving as passive channels, certain compromised or malicious ads are being weaponized to directly distribute malware. In many cases, users do not even need to click on the advertisement; the mere act of loading a page can trigger harmful scripts in what cybersecurity experts call “malvertising.”
According to research first published in Business Insider, cybercriminals are increasingly using malware to steal personal information or extort money through ransomware attacks. These attacks often appear legitimate at first glance, disguising themselves as trusted brands or urgent security alerts. Automation-driven advertising systems—designed to deliver highly targeted ads at scale—are now being exploited as an efficient distribution network for these threats.
The rise of Artificial Intelligence has further complicated the landscape. AI-powered tools enable the rapid creation of convincing digital ads, including deepfakes and highly personalized scam content. This technological advancement makes fraudulent campaigns more believable and harder to detect, increasing the risk of financial scams and identity theft for everyday users.
What makes the situation even more concerning is the breadth of platforms affected. Malicious advertising is no longer confined to traditional websites. It is spreading through connected TV platforms, retail media networks, satellite TV services, and smartphones. In essence, any device connected to the internet can potentially become a target, expanding the reach and profitability of cybercriminal operations.
Chris Olson, CEO of The Media Trust, noted that approximately 80% of websites and mobile applications are built with features that collect user data and monitor activity. This data-driven ecosystem explains why searching for a smartphone or tablet on a retail site often leads to a flood of related ads across multiple devices in a household. While targeted advertising can improve marketing efficiency, it also creates opportunities for malicious actors to exploit user data and distribute harmful content more effectively.
As digital advertising continues to evolve, so too must awareness and cybersecurity defenses to protect users in an increasingly connected world.
