At their best, online ads match consumers with the perfect product. At their worst, they can infect a person’s device with malicious software.
A new report found that malicious ads overtook email scams and direct hacks as the primary channel for malware in 2025.
Cybercriminals use malware to infect machines with the aim of extorting money or data, or otherwise causing chaos for unwitting victims.
The report, shared exclusively with Business Insider by digital safety company The Media Trust, found that programmatic advertising — the practice of buying and placing targeted ads using automated software, often in real time — has become a growing security threat.
Advertising accounted for more than 60% of the malware and phishing campaigns observed by The Media Trust in 2025. Instances of malware delivered via programmatic channels grew 45% year-on-year, per the report.
The Media Trust said the threat has been compounded by advances in the $791 billion digital advertising space. Artificial intelligence makes it easier than ever to generate ads — such as celebrity deepfakes — and precision-target the most vulnerable consumers.
Elsewhere, programmatic advertising has expanded into new areas such as connected TV, digital out-of-home, and retail media — and bad actors are following the money.
Cybercriminals are also getting better at exploiting the sprawling chain of adtech vendors that power programmatic advertising to cover their tracks, despite the industry’s yearslong efforts to root out scammers, the report said.
Chris Olson, The Media Trust’s CEO, told Business Insider that about 80% of the source code on most websites and apps is designed to collect data and monitor users — a prime mechanism for bad actors to exploit.
He said consumers can protect themselves and others by verifying that the ad they’re about to click on or the e-commerce site they’re about to buy from is real, and by reporting scams if they discover them.
He said advertisers should also use their clout to demand a safer online ecosystem and press regulators and law enforcement to do more to combat digital crime.
“The idea of ad safety, from a brand perspective, is protecting their brand,” Olson said. “Billions of dollars are spent by brands to verify their pixels, so that the ads themselves don’t run on scary content or things they don’t want associated with the brand.”
These efforts often don’t translate into proportionate improvements in consumer safety, despite advertisers funding much of the content and platforms people view online, Olson said.
“People have continuously been thrown under the bus,” he added.
Read the original article on Business Insider
The post Online ads just became the internet’s biggest malware machine appeared first on Business Insider.
