Malvertising & Ad Quality Index Q2 2021

(formerly known as Demand Quality Report)

Download full report

Confiant's Malvertising and Ad Quality (MAQ) Index (formerly known as our Demand Quality Report) is a quarterly look into the quality of demand in digital advertising.

Using a sample of over 156 billion impressions monitored in real time in Q2 2021, Confiant is able to answer fundamental questions about the state of creative quality.

Digital advertising delivers significant value to publishers but introduces myriad risks related to security, privacy, and user experience. Malicious, disruptive, and annoying ads degrade user experience and drive adoption of ad blockers.

In September 2018, Confiant released the industry's first benchmark report.
This report, the thirteenth in the series, covers Q2 2021.


  • Security Violations

    Security Violations

    Attempts to compromise the user through the use of malicious code, trickery, and other techniques. Top issues include:

    • Malicious Clickbait
    • Forced redirects
    • Criminal scams
    • Fake ad servers
    • Fake software updates
    • High-Risk Ad Platforms (HRAPs)*

    *Ad platforms that consistently serve abnormal levels of malicious ads and are the preferred vector for malicious actors.

  • Quality Violations

    Quality Violations

    Non-security issues related to ad behavior, technical characteristics, or content. Top issues include:

    • Heavy ads
    • Misleading claims
    • Video arbitrage (formerly In-Banner Video)
    • Undesired audio
    • Undesired video
    • Undesired expansion

Industry View

In Q2 2021 1 in every 156 impressions was dangerous or highly disruptive.

How did the industry fare in Q2 2021?

How did the industry fare in Q2 2021?

In Q2 2021, the Security violation rate decreased by 0.06 percentage points from Q1 2021.

Violation rates for Quality issues rose 7% in Q2 vs. Q1, while Security saw its first substantial decline in several quarters. This is the fourth consecutive quarter that the Quality violation has increased, driven by the increased prevalence of Heavy Ads and Misleading Ads.

Q2 2021 Violation Rates by Country

Q2 2021 Violation Rates by Country

European markets have historically had higher rates of Security violations than the U.S., a trend that continues in Q2. The UK was the lone exception, with a Security violation rate 29% below the U.S. rate. Spain was a hotbed for Security issues, coming in at 5x the U.S. level.

Quality violations remained far more prevalent in the U.S. than elsewhere in Q2, a trend that’s held through several reports.

Q2 2021 Violation Rates by Browser

Q2 2021 Violation Rates by Browser

SSP Rankings

Nearly 1 in every 100 ads delivered by a major SSP was misleading.

Q2 2021 Security Violation Rates by SSP

Q2 2021 Security Violation Rates by SSP

For the second quarter in a row, Google underperformed the industry average for Security, coming in at 47% above the average violation rate and ranking 11th of 12.

SSP-L turned in a last-place performance for the third straight quarter, with their Security violation rate coming in at 132x that of the best performing SSP.

Average duration of attack by SSP in Q2 2021

Average duration of attack by SSP in Q2 2021

SSPs differ in their ability to respond to attacks once they are underway. We measure how long it takes from when a threat first appears on an SSP to when it’s last seen. On this measure, we see huge differences among the major SSPs.

In Q2, SSPs J and K were the outliers, taking an average of over 50 days to fully resolve an attack. Conversely, SSP G took less than a day to resolve attacks.

Q2 2021 Violation Rates by SSP

Q2 2021 Violation Rates by SSP

Major Threat Groups Q2 2021

  • Zirconium


    Zirconium is notable for their persistence, technical prowess, and ability to adapt in a changing environment.
    For years, Zirconium have used their understanding of Ad Tech in order to form dozens of convincing business entities to gain seats on major buying platforms.

  • Yosec


    Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirects.
    The bulk of their activity targets Mac devices, particularly the Safari browser.

  • DCCBoost


    DCCBoost campaigns consistently include interesting malvertising innovations from a technical standpoint.
    They use a combination of server-side targeting combined with a compartmentalized client-side payload in order to deliver the malicious ad in stages.

  • Malicious Clickbait Attacks

    Malicious Clickbait Attacks

    These days, most malvertising falls under the category of "Malicious Clickbait".
    The attackers will launch a display ad campaign for a benign looking brand and then "flip" the creative to some clickbait messaging — usually a celebrity-endorsed investment opportunity.

  • HircusPircus


    While not a specific malvertising threat actor, we wanted to highlight a cluster of investment firms primarily based in Cyprus that sit at the end of the kill chain for a large amount of malvertising scams.
    Fully licensed to operate as investment brokers across Europe, these companies accumulate victims’ complaints and regulatory friction for their unsavory practices.

Download full report

Confiant’s Malvertising and Ad Quality (MAQ) Index provides an inside look into the frequency and severity of ad quality issues in digital advertising. Discover what were the top concerns for premium publishers, how SSPs performed in 2021, and what tactics were employed by malvertisers.

Learn about major threat groups active & their tactics

The full report details active threat actors, their techniques, & their impact on the digital ecosystem over the last quarter.

Learn how SSPs are performing

Confiant tracked impressions from over 100 SSPs. However, 75% of global impressions originated from just 12 providers commonly used by publishers. Explore which SSPs are performing the best and worst when it comes to ad quality quarter over quarter.