Ads on Yahoo, Yahoo Finance, Sports etc exploited by hackers to infect millions of visitors with malware
Yahoo and its big websites are being exploited by cyber criminals to infect the page visitors’ computers with malware.
Malwarebytes security researchers have discovered a big malware injection campaign spread across almost all Yahoo domains including Yahoo.com, and its sports, celebrity, finance and games sites. The researchers said that the ads on all Yahoo websites were injected with the Angler Exploit Kit which exploits the vulnerabilities in Adobe’s Flash Player.
The Malwarebytes researchers also found that the hackers who are exploiting the ads on Yahoo are the same who had injected Celebrity Chef, Jamie Oliver’s website with the same Angler Exploit Kit malware.
The hackers use the ads injected with the exploit kits to redirect the visitors of the website to a redirected website laden either with malware of advertisements and surveys. In some cases the sites are infected with a ransomware, which encrypts the user files on the victim’s computer and asked them to pay a fee in for the decryption keys.
Malwarebytes researchers stated that the hackers implanted malware laden ads on the Yahoo ad tech and e-planning networks on July 28 and their campaign is still active. According to Business Insider the Malwarebytes has informed Yahoo about the issue.
In the report, Business Insider states that the malware codes on Yahoo ad network lead to Microsoft Azure websites, which have also been affected as part of this attack.
Malwarebyte’s Boyd told Business Insider that many of the Azure websites caught up in this attack are likely to have been phished accounts, as opposed to ones set up for the explicit purpose of scamming users.
It also noted that combined, all Yahoo websites attract estimated  6.9 billion visitors a month making this malware attack the largest one upto now.
Users are requested to take due precautions while visiting Yahoo and its affiliated domains till the time Yahoo takes down the injected ads.
We asked Yahoo for its comments and the Yahoo spokesperson in a emailed reply stated that,
“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.
We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.
Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”
