PropellerAds—a global performance‑driven advertising platform—released its annual Ads Safety Report 2025. The document aggregates moderation outcomes, enforcement actions, and fraud trends observed across the network throughout the previous year. While the report is an internal audit, its findings shed light on broader industry dynamics, especially as ad fraud continues to outpace many defensive measures.
Pre‑launch moderation spikes 35% year‑over‑year
PropellerAds recorded a 35 % increase in campaigns flagged and declined before they ever went live. The jump reflects expanded preventive controls and a broader moderation scope that now catches more non‑compliant content early in the workflow. According to the report, the numbers represent total rejections or blocks rather than unique campaigns; a single advertiser may trigger multiple rejections if several policy violations are detected.
Enforcement focus: cloaking drives most suspensions
Account suspensions—issued after confirmed violations—remain a critical lever for maintaining platform integrity. In 2025, 78.2 % of all suspensions (1,311 accounts) were attributed to cloaking, a technique that serves different content to users versus reviewers, effectively evading detection. Malware‑related violations accounted for 7.6 % (127 accounts), while “other” violations comprised 6.0 % (100 accounts).
Other notable suspension triggers included:
- Ransomware attacks – 2.9 % (49 accounts)
- Failed KYC (“fake ID”) – 2.6 % (44 accounts)
- Scam landing pages – 2.0 % (33 accounts)
- Confirmed fraud with multiple signals – 0.7 % (12 accounts)
The skew toward cloaking reflects an industry‑wide shift: fraudsters increasingly rely on sophisticated server‑side logic to serve clean ads to crawlers while delivering malicious or deceptive material to end users. This dual‑delivery model complicates traditional signature‑based detection and forces platforms to adopt behavior‑centric analytics.
Emerging fraud patterns in 2025
- Infrastructure‑heavy cloaking – Multi‑layer routing and conditional delivery mechanisms that dynamically alter content based on IP, device, or geolocation.
- Malvertising via direct file distribution – Campaigns that push executable files or installers directly to users, bypassing typical landing‑page checks.
- Messenger account hijacking – Attempts to compromise Telegram and WhatsApp accounts for illicit outreach, often paired with phishing vectors.
- Compromised infrastructure or hijacked domains – Use of expired domains, breached servers, or otherwise compromised hosting to host malicious payloads.
Technically, about 80 % of identified attack vectors targeted Windows and Android platforms, confirming that these operating systems remain the most attractive attack surface for ad‑tech fraudsters.
AI/ML as a supporting tool, not a replacement
The report notes that PropellerAds’ internal security stack incorporates AI/ML modules to surface anomalies, analyze interaction patterns, and prioritize high‑risk signals. However, the company emphasizes that these tools augment—rather than replace—human expertise and infrastructure checks. This hybrid approach mirrors a broader industry consensus that AI can accelerate detection but still requires expert validation to avoid false positives and ensure regulatory compliance.
Why the findings matter for advertisers and publishers
For advertisers, the heightened pre‑launch scrutiny signals that compliance will increasingly be a gatekeeper for campaign activation. Brands that neglect policy adherence risk not only delayed launches but also reputational damage if a campaign slips through and later triggers a suspension.
Publishers, particularly those operating on open‑exchange models, must be vigilant about the content they accept from ad networks. The prevalence of cloaking and direct file distribution means that a seemingly benign ad unit could conceal malicious payloads that jeopardize site security and user trust.
From a market perspective, the data underscores the competitive advantage of platforms that can demonstrably reduce fraud exposure. As advertisers allocate budgets toward brand‑safe inventory, platforms that publish transparent safety metrics—like PropellerAds—may attract higher‑quality spend.
Industry context: ad fraud’s evolving battlefield
Ad fraud has been a persistent challenge for the digital advertising ecosystem, costing billions annually. While classic click‑fraud and impression‑fraud remain prevalent, the 2025 report highlights a pivot toward programmatic advertising malvertising and cloaking, tactics that blend advertising with broader cyber‑crime objectives. This evolution forces ad‑tech vendors to integrate threat‑intelligence feeds, endpoint protection, and real‑time behavior monitoring into their ad‑delivery pipelines.
Regulators worldwide are also tightening scrutiny. The European Union’s Digital Services Act (DSA) and upcoming U.S. privacy legislation could impose stricter disclosure and remediation requirements on platforms that fail to curb malicious ads. PropellerAds’ public reporting of safety outcomes may pre‑empt regulatory pressure by demonstrating proactive governance.
Looking ahead: what 2026 could hold
If the 2025 trends continue, we can expect:
- Increased automation in pre‑launch moderation, leveraging more sophisticated AI models to flag nuanced policy breaches.
- Greater collaboration between ad‑tech firms and cybersecurity vendors to share threat indicators, especially around cloaking and malware distribution.
- Heightened advertiser accountability, with brands demanding proof of compliance before committing spend.
- Potential shifts in ad‑tech pricing, as platforms that maintain lower fraud rates may command premium rates for “clean” inventory.
Advertisers and publishers should monitor PropellerAds’ future releases for updates on mitigation strategies, especially as the line between ad fraud and broader cyber threats continues to blur.
Get in touch with our Adtech experts
