As the digital world barrels deeper into 2025, one thing is clear: the open web is under siege. Cybercriminals are evolving faster than many publishers, ad platforms, and brands can react, unleashing a relentless wave of malvertising, phishing redirects, and deceptive scams.
In our CYA 2025: Digital Media Under Assault report, we show the volume of malicious ad tags has grown 4X year over year, signaling a sophisticated and coordinated threat landscape targeting everyone from news readers to e-commerce shoppers.
Election Week Was Just the Beginning
On November 6, 2024 (Election Day in the U.S.), Media Filter picked up a sixfold increase in malicious redirects, primarily phishing attacks exploiting the traffic surges to political and news websites.
That spike was just the beginning. Over the next several months, fake tech support scams, obfuscated phishing, and fake CAPTCHA ploys infiltrated trusted websites. The message is clear: attackers have found high-performing tactics—and they’re exploiting them at scale.
7 Emerging Threats That Demand Action
Here’s a breakdown of the most urgent threats facing digital publishers and platforms today—and what you can do about them.
1. StringRipper’s Evolution in Obfuscation
Malvertising has entered a new era with the rise of StringRipper, a phishing malware that hides inside legitimate ad tags, hijacking brand trust to redirect users to scareware and fake antivirus sites. Its rapid evolution includes fingerprinting and dynamic code creation, making it nearly invisible to traditional defenses.
Action: Partner with security providers who can detect advanced obfuscation. Share threat data upstream and be prepared to cut off compromised ad demand sources immediately.
2. Fake CAPTCHAs with Real Consequences (ClickFix)
ClickFix lures users into surrendering remote access by mimicking CAPTCHA pages. Once access is granted, attackers deploy malware like Lumma Stealer, harvesting credentials and compromising systems.
Action: Scrutinize every ad component, including landing pages. Ensure your security team is looking across all attack vectors in real time and share findings with partners to shut threats down quickly.
3. GhostCat Exposes the Video Myth
For years, video was considered a safe zone. No longer! GhostCat (aka ScamClub) uses video units to deliver phishing redirects and malware, doubling its presence in early 2025.
Action: Implement continuous video campaign monitoring, escalate threats quickly, and apply the same security rigor to video that you use for display ads.
4. When Trusted Code Turns Toxic
In a cautionary tale for all who rely on open-source tools, the JavaScript library Polyfill.io was sold and repurposed into a malware delivery system, impacting over 110,000 websites globally.
Action: Audit your third-party code regularly. Use tools that simulate real user experiences to detect hidden risks and monitor changes in domain ownership and script updates.
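One way to start the third-party code audit described above, as an added example that is not from the report or any vendor tool: it lists a page's external scripts and flags hosts that are blocked, hosts missing from an approved baseline, and scripts loaded without Subresource Integrity. The function names, the approved-host set and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site owner no longer loads from; polyfill.io is the case named in the article.
BLOCKED_HOSTS = {"polyfill.io"}


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def audit_scripts(html, site_host, approved_hosts):
    """Return a sorted list of (host, finding) for third-party scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = set()
    for src, integrity in collector.scripts:
        # Protocol-relative URLs (//cdn...) still carry a host; relative ones do not.
        host = (urlparse(src).hostname or site_host).lower()
        if host == site_host:
            continue  # first-party script
        if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
            findings.add((host, "blocked-host"))
        if host not in approved_hosts:
            findings.add((host, "unapproved-host"))
        if not integrity:
            findings.add((host, "no-sri"))
    return sorted(findings)


# Constructed sample page, not taken from any real site; the integrity value is a placeholder.
SAMPLE_PAGE = """
<script src="/static/app.js"></script>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://widgets.example.org/w.js"></script>
"""

if __name__ == "__main__":
    print(*audit_scripts(SAMPLE_PAGE, "www.example.com", {"cdn.example.net"}), sep="\n")
```

Running the same audit on a schedule and comparing the findings between runs surfaces newly introduced script hosts; it does not detect a change of ownership behind a host that is already approved, which still needs a separate review.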
5. SocGholish: The Drive-By Download King
Using hacked WordPress sites and fake browser updates, SocGholish executes drive-by downloads without a single click. The malware accounted for nearly half of top malware infections in Q1 2025.
Action: Secure your CMS platforms, enforce strict access controls, and educate users on the dangers of unexpected software prompts.
6. AI-Powered Celebrity Scam Campaigns
FizzCore/CelebCore scams use AI-generated deepfakes and mirrored landing pages to impersonate celebrities and trick users into crypto and financial scams. These attacks have surged 5X in 2025.
Action: Use AI tools to detect and remove these scam creatives quickly. Share data across the ecosystem to prevent recurrence and stay ahead of AI-driven deception.
7. Vulnerable Populations Under Fire
Seniors and minors are under increasing threat from targeted scams and potentially unwanted programs (PUPs) masquerading as harmless tools. These tactics exploit trust and blend into native ad placements.
Action: Ban deceptive PUP-based ads, monitor for ad hijacks, and update platform policies to protect vulnerable users from becoming targets of evolving scams.
It’s Not Just Security. It’s Trust.
What these attacks reveal is more than a technical challenge—it’s a trust crisis. If consumers don’t feel safe, they disengage. If brands can’t guarantee a secure experience, reputations—and revenues—suffer. Malvertising isn’t just an adtech issue; it’s a fundamental threat to the future of the open web.
To restore and maintain trust:
- Implement real-time, proactive security across all ad and website systems.
- Choose partners who offer deep threat intelligence and respond instantly.
- Share data frequently and transparently across the ecosystem.
Bottom Line: Cover Your Assets
The digital threat landscape is growing faster and more sophisticated by the day. To survive and thrive in 2025, businesses must shift from reactive defenses to proactive strategies. The key to protecting your assets—whether it’s your website, your users, or your brand—is vigilance, collaboration, and the right security tools.
Because in the end, the cost of doing nothing is far greater than the investment in staying secure.