Malvertising Attack Targets Yahoo Ad Network

Yahoo HQ logo IRLYahoo’s ad network has been targeted by one of the largest malvertising attacks seen recently, according to Malwarebytes.

Malvertising – ads which contain malware – doesnt require any type of user interaction in order to execute their payload, and users can risk infection just by browsing infected sites. This malvertising campaign leveraged the Angler Exploit Kit, commonly used for ad fraud or so-called ransomware, which locks the user out of their device unless they pay for access.

The campaign began on 28 July but is no longer active, after Yahoo responded based on Malwarebytes warning.

“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue,” said Yahoo in an official statement.

“Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”