Online ads are increasingly being used a means of introducing malware into organizations, according to The Media Trust. “Malvertising surpassed both email and direct hacks as the leading vector for malware delivery worldwide,” said Chris Olson, CEO of The Media Trust, an ad scanning and filtering company with, perhaps, a vested interest in playing up the threat posed by ads. Millions of copies of a single infected advertising creative or script can be distributed across pulblishers in seconds, the company said in its 2026 Intelligence Report . The use of AI is accelerating this, allowing malicious actors to write adaptive malware that changes its behavior based on location, browser, or device. Among the malware attacks leveraging ads, the company pointed to Ghost Cat, Click Fix and SocGholish but there are several new techniques in the pipeline. In future, the company said, we can expect to see new attacks developing, including AI-assisted evasion, in which AI will be used to tailor language and imagery to evade detection, and adtech as infrastructure, with compromised APIs and tracking pixels used for payload delivery. The main motivation for these attacks, it said, will be financial gain, with more than half of malvertising driven by this, but 30 percent of attacks will be prompted by a wish to steal data. Espionage and attempts to disrupt operations will account for a much smaller proportion of attacks, it said. This article first appeared on CSO .