I’ve talked about malvertising, before. Here’s a recap: In malvertising, the adtech ecosystem is used to distribute security intrusions and malware to users. This is not the intent of the adtechnologists or advertisers, but the very design of the adtech ecosystem is useful to and aligns with the malvertiser’s goal: get this content spread as far and wide as possible, achieve great penetration in the target market, and be as underhanded as necessary in order to make users see it and interact with it.

So, we know malvertising is advertising used to serve malware. But what about the other way around?

Malware has many ways of being profitable: ransomware, information gathering & sale, identity theft, etc. As we know, advertising is big business. Unsurprisingly, then, adware is malware used to serve ads. As the advertising arms-race escalates, adtech must get more and more creative with getting ads to users. Malware is a natural step then, helping to inject ads in pernicious, unlikely, or highly-clickable places.

But, as Kaspersky writes in their discussion of OS X.Pirrit, this adware can just as easily do more dangerous things than serving ads. So, the circle comes back around.

Advertising and malware have goals and technologies that reinforce one another: get unwanted content to the unsuspecting user.