It was a fourth quarter to remember…and a fourth quarter to forget. The main reason to remember is so other Q4s will look positively luminous in comparison. I’m not just talking about the wrath of Omicron, which ruined holidays for countless families and continues to cause illness, death, and emotional distress across the globe. I’m talking about an alarming rise in malvertising that endangers publisher revenue and consumers’ online safety.  

As publishers struggle more than ever to balance user experience and monetization, the perils of the open programmatic marketplace require higher levels of vigilance, lest audiences be lost in a storm of malware. Let’s explore the factors behind the rise in malvertising and what publishers can do to combat its impact. 

Malware incidents on the rise 

In the digital ecosystem, The Media Trust detected a 64% increase in malware incidents during the final quarter of 2021 — which can account for thousands of impressions or hits — as compared to the same time period in 2020. And 2020 levels were already high as the programmatic marketplace struggled to snap back during the early days of the pandemic. 

Malvertising levels this high at the end of the year are unusual. It typically subsides a bit in the fourth quarter. Because increased advertiser demand enables publishers to increase CPMs and raise programmatic floors most malvertisers are priced out of the market.

However, Q4 2021’s record malware numbers weren’t the result of a few blanket attacks. The industry was assaulted by a wide variety of malicious code and content: 

• Redirects peaked in October, growing 170% over the course of the year. 
• In November, Digital media was awash in FizzCore, a notorious form of malicious clickbait that employs cloaking technology to hide its devious content. The amount of FizzCore detected grew 9X over two months. 
• An outbreak of fake antivirus/software update ads also hit hard in November, marking a 50% rise since the beginning of the year. 
• E-skimming typically increases in Q4 as bad actors hunt for consumer credit cards, but the amount detected in Q4 2021 was 63% higher than the year prior.  
• Scam ads, which surged in 2021 and made up nearly a third of malware in the space, stayed high and ticked up an extra 9% in December — nearly exceeding the summer peak. 

A most malicious year 

Unfortunately, these numbers are representative of  2021 as whole, where malware simply exploded. The Media Trust’s Digital Security and Operations team managed an average 2,210 malware incidents daily. That’s a 64% increase over 2020 and well above the ~1,000 historical average. During the summer — the height of the 2021 malware blitz — average daily malware incidents stayed above 3,000. 

Overall, The Media Trust identified 26,664 new malware incidents in 2021, a ~30% increase over the number cataloged in 2020. And our creative blocker, Media Filter, halted four times more malware than in the year prior.  

The proliferation of malvertising is simply breathtaking. 

What’s behind the rise in malvertising 

Certainly the 2020 surge in malvertising followed advertisers’ pause in spend; bad ads flooded the programmatic advertising space as publishers lowered floors to grab whatever revenue they could. But even as the pandemic drags on and on, programmatic markets seem to have rebounded. So, what’s behind this incredible 2021 surge in malware? 

First, from a programming perspective, the malvertising barrier to entry is very low. The dark web is full of malware kits for sale including turnkey phishing solutions and the ever-popular ransomware-as-a-service. There’s a whole black market ecosystem for selling pilfered data and access to infected devices — and often no legal repercussions for bad actors (though there were some impressive arrests in 2021). 

Secondly, research from eMarketer found that private marketplaces account for more RTB spend than the open programmatic marketplace. With $15.4 billion in advertiser spend in 2021, private marketplaces made up 56% of all RTB-transacted dollars. The open marketplace sat at $12.3 billion and had a 44% share.

According to eMarketer, the shift to private marketplaces is only going to accelerate in 2022. Spend is predicted to increase another 21% and make up 59% of all RTB spending. However, the open marketplace will only grow 5% and dwindle to a 41% share of RTB spend. 

We also see premium advertisers are investing heavily in connected TV (CTV) — although they’re struggling with campaign measurement — direct, and programmatic. These advertisers shifting their buying power away from the open marketplace is likely depressing CPMs. It is also making more room for bad actors to spread a variety of malicious wares.  

Is it time to give up on open programmatic? 

So, if the open marketplace is suffering from a rapidly growing malware infestation, am I suggesting publishers turn off their open programmatic pipes post-haste? Heavens, no! That’s not really an option for most digital publishers. Can you imagine the amount of revenue left on the table? All the unfilled inventory?  

It’s obvious why private marketplaces are increasingly attracting advertiser dollars: high viewability, actually engaged human beings rather than bots, and impressions on well-respected publications. We’ll see top-tier publishers layering in high-impact audience segments that will likely outperform third-party cookies.

But the challenge with private marketplaces has always been getting them to scale. I still hear publishers lament long-lingering Deal IDs with laughable fill rates. Truly getting private marketplaces to hum requires time and resources, something many publishers in the “fat middle” struggle with. 

Premium advertisers will keep buying in the open market. This may be to cherry-pick super-cheap inventory on premium publishers or for prospecting purposes. Smaller advertisers may find it easier to reach target audiences across a wider crop of publishers. Publishers also use the open marketplace to find new advertiser prospects and evaluate the market value of various types of inventory and audience segments. 

Your best defense against malvertisers is high quality data 

The open programmatic marketplace may be getting seedier but diligent publishers can still drive a ton of revenue. It’s just going to take more work to keep audiences safe from all the fraudsters spread across the programmatic pipes. 

Having a page/app-level creative blocker to bat away malware before it hits your property is table stakes. But with this massive expansion of malware in open programmatic, the quality of data fueling your blocker is more important than ever. Publishers can’t go cut-rate. Their ad-quality provider should be pumping data into the blocker in real-time from an in-house team of malware analysts. Third-party malware data isn’t going to be fresh enough. It may also lead to revenue-bleeding false positives. 

And finally, publishers need to be a lot more discriminating when it comes to their open marketplace partners — and by extension, those partners’ partners. Especially during the pandemic, publishers have been willing to install most demand sources that might give them an edge with bid density. But open programmatic is getting too dangerous to be carefree about the companies you monetize with. Ensure all your demand partners are scrutinizing both tags and landing pages (preferably from a variety of device and geographic profiles). And if a high percentage of the ads they bring you get shot down by your malware blocker, maybe they’re not the right fit for you. 

Open programmatic is definitely becoming a more dangerous place for monetization. But that doesn’t mean it’s not worth the revenue. With the right tools and policies, publishers can make bank — and keep their audiences safe and happy.