Malvertising, short for “malicious advertising,” is the use of online ads to spread malware. Attackers buy ad space on legitimate websites or ad networks and embed malicious code in the ads. When users view or click the ad, their system can get infected—sometimes without any interaction, through what’s called a drive-by download. Malvertising often targets popular sites to reach a large audience and can exploit browser or plugin vulnerabilities to deliver ransomware, spyware, or other threats.