A team of researchers unveiled the latest cyberattack, which involves Yahoo and its own advertising network and has already affected billions of users.
The researchers, who came from the security firm Malwarebytes, said that the attackers found a vulnerability in Yahoo's advertising network and took advantage of it to successfully install traps within the company's homepage, which also includes popular subsites such as its games, celebrity, finance and sports pages. When these pages are loaded, users are unaware that they are browsing a page that features malicious advertisements, thus making their PCs vulnerable to a scheme known as "malvertising."
"Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload," said Senior Security Researcher Jerome Segura of Malwarebytes. "The mere fact of browsing to a website that has adverts is enough to start the infection chain."
Segura added that for almost one week, the malicious ads that were "hiding" under ads.yahoo.com managed to successfully redirect users to a number of domains that exposed them to the Angler exploit kit. He also noted how some of the domains that have been redirected were hosted on Microsoft's Azure.
According to Malwarebytes, malicious ads look pretty much the same as any other ads that one sees on the Internet. The only difference is that they are fitted with a hidden code which, when triggered, redirects a PC to criminal servers.
The malware can also install the so-called "ransomware" on PCs, which causes the user's files to become inaccessible until finally, out of desperation, the individual decides to pay the criminals in order to get their files back.
"Attacking Yahoo's visitors would be enormously profitable for criminals," said Vadim Kotov, a malware researcher at the software firm Bromium Labs. "So it makes sense that you'd see this particular type of attack there."
Yahoo reportedly has an estimated 6.9 billion visitors a month to its homepage, a record that makes it the fifth most popular web destination based on a study by Alexa Ranking. It's unclear how many of its users have become affected by the latest attack.
"As soon as we learned of this issue, our team took action to block this advertiser from our network," said a spokesman for Yahoo in a statement. "Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience."
While Yahoo confirmed that it has shut down the massive malware campaign, the company declined to comment on the number of people that were affected. However, it did give a comment that "the scale of the attack was grossly misrepresented in initial media reports."