Research Brief:

Operation Fingerprint


This paper is the result of several months of researching and monitoring malvertising campaigns that we have observed affect thousands of publishers and dozens of ad networks. The goal of this research is to summarize some of the malvertising campaigns we have seen and give numbers to quantify their impact. While some of those incidents have ceased, others are still ongoing and the threat actors responsible for them are very successful at bypassing most ad quality and security checks.


  • Hundreds of URLs used in malicious redirections
  • Over 100 fake advertiser domains
  • Dozens of ad networks abused, including top ones
  • Use of SSL to encrypt ad call URL and content
  • Targeted towards genuine residential IP addresses only
  • Booby-trapped GIF images hiding code with on-the-fly encoding
  • Fake advertiser profiles and deceiving websites
  • 42% of infections happened in the U.S.
  • Cost: only 19 cents for each 1000 impressions (CPM)

Free download

Malwarebytes Endpoint Protection

Protects your endpoints with next-gen tech that out-thinks malware and traditional security.

Malwarebytes Incident Response

Centralized threat detection and remediation. Responding to incidents when seconds matter.