---
type: "term"
title: "Malvertising"
description: "The use of online advertising to distribute malware or redirect users to malicious websites."
resource: "tlctc:term:malvertising"
tags:
  - "glossary"
---
# Malvertising

The use of online advertising to distribute malware or redirect users to malicious websites. In TLCTC: malvertising is a **delivery vector**, not a distinct threat category. It can deploy either exploits or malware depending on the attacker's strategy:

- If it exploits a browser/plugin vulnerability: `#3 Exploiting Client` → `#7 Malware`
- If it delivers malware directly (e.g., fake download): `#9 Social Engineering` → `#7 Malware`
- If it redirects to a credential-harvesting site: `#9 Social Engineering` → `#4 Identity Theft`

**Reference:** V1.9.1 Clarifications, Buzz-Word Refinement (#3)

See also: Drive-By Download, Watering Hole Attack, Phishing