Malwarebytes security researchers say Yahoo is a victim of the same group that has been involved in a number of large-scale campaigns that exploit vulnerabilities in Adobe Flash. Recently, Jamie Oliver's website fell victim to attacks by the group, which left the site riddled with malware. The Angler Exploit Kit (which was used in this latest attack) is dominating the underground malware scene right now, and its market share has grown from a quarter to 83% in the past nine months, according to SophosLabs researcher Fraser Howard.
Most malvertising attacks make use of exploit kits in an attempt to redirect victims to a website with malware. Often the site infects a computer with ransomware, which locks a user out of their device unless they pay a fee to the hackers in order to regain access.
Chris Boyd, a malware intelligence analyst at Malwarebytes, told Business Insider that anything from banking trojans to additional advertising fraud software could be used in these attacks. Ad fraud costs advertisers more than $11 billion in wasted spend, according to survey findings from Solve Media. For users, it can significantly slow down their machines and waste power.
The campaign on the Yahoo ad tech and e-planning networks began on July 28 and is still active, according to Malwarebytes. The security company says, in a blog post due to be published later on Monday, that it has made Yahoo aware of the issue.
Here's the scary message Malwarebytes Anti-Exploit users see when they try to click on one of the infected ads:
Here's some of the nasty code Malwarebytes discovered on the Yahoo ad network.
The code shows that the Yahoo ad network URL leads to Microsoft Azure websites, which have also been affected as part of this attack. Boyd said many of the Azure websites caught up in this attack are likely to have been phished accounts, as opposed to ones set up for the explicit purpose of scamming users. Microsoft Azure websites are aimed at app developers and allow any individual to make a website.
Here's what Malwarebytes discovered across some Microsoft Azure websites.
Business Insider has contacted Yahoo and Microsoft for comment and we will update this article once we hear back.
Combined, Yahoo's websites attract an estimated 6.9 billion visits per month, according to data from SimilarWeb.
This means the attack is one of the biggest Malwarebytes says it has ever seen.
Boyd told Business Insider: "While there is no way to know for sure who may have been exposed to the rogue adverts, the sheer numbers thrown at the Yahoo pages could potentially mean high rates of infection. Many Malvertising attacks tend to focus on specific geographical locations depending on ad networks used, but this campaign could have had a huge amount of reach."