Ads on Yahoo, Yahoo Finance, Sports etc exploited by hackers to infect millions of visitors with malwareYahoo and its big websites are being exploited by cyber criminals to infect the page visitors’ computers with malware.
The Malwarebytes researchers also found that the hackers who are exploiting the ads on Yahoo are the same who had injected Celebrity Chef, Jamie Oliver’s website with the same Angler Exploit Kit malware. The hackers use the ads injected with the exploit kits to redirect the visitors of the website to a redirected website laden either with malware of advertisements and surveys. In some cases the sites are infected with a ransomware, which encrypts the user files on the victim’s computer and asked them to pay a fee in for the decryption keys. Malwarebytes researchers stated that the hackers implanted malware laden ads on the Yahoo ad tech and e-planning networks on July 28 and their campaign is still active. According to Business Insider the Malwarebytes has informed Yahoo about the issue. Malwarebyte’s Boyd told Business Insider that many of the Azure websites caught up in this attack are likely to have been phished accounts, as opposed to ones set up for the explicit purpose of scamming users. It also noted that combined, all Yahoo websites attract estimated 6.9 billion visitors a month making this malware attack the largest one upto now. Users are requested to take due precautions while visiting Yahoo and its affiliated domains till the time Yahoo takes down the injected ads. We asked Yahoo for its comments and the Yahoo spokesperson in a emailed reply stated that, We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue. Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”