Yahoo malvertising attack leaves 900 million at risk of ransomware

Malwarebytes uncovered the campaign after four days, and Yahoo has shut it down


A huge malvertising campaign that took over Yahoo's advertising network for four days last month could have hundreds of millions of potential victims.

Cyber security firm Malwarebytes uncovered the attack yesterday, and said it is one of the largest it has witnessed, affecting ads run across Yahoo's home, news, finance, sports, celebrity and games pages.

Advertisement - Article continues below

The home page,, gets 6.9 billion monthly visits alone according to SimilarWeb, meaning four days worth of traffic constitutes 890 million visits.

Even if those are not all unique, it would still leave hundreds of millions of people at risk of the malware, whose payload may consist of ransomware CryptoWall and ad fraud Bedep.

"This [is] one of the largest malvertising attacks we have seen recently," said senior security researcher Jrme Segura, who added that the attack leveraged Microsoft Azure to redirect users to an Angler exploit kit.

"We did not collect the payload in this particular campaign although we know that Angler has been dropping a mix of ad fraud (Bedep) and ransomware (CryptoWall)," Seguras said.

He explained that malvertising is particularly dangerous because it doesn't require victims to take action to download the bugs it is enough to simply browse a website containing infected adverts.

Advertisement - Article continues below

"The complexity of the online advertising economy makes it easy for malicious actors to abuse the system and get away with it," Segura added.

Advertisement - Article continues below

Yahoo took measures against the attack as soon as Malwarebytes made it aware, and the campaign is no longer active.

A Yahoo spokesperson said: "Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.

"Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We'll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem."

Protecting yourself

However, the scale of the attack led some to ask just how secure Yahoo's systems are.

Advertisement - Article continues below

Grayson Milbourne, security intelligence director at cybersecurity firm Webroot, said: "This exploit raises serious questions about the size of this attack and Yahoo's security processes.

"[It] is an indication that potential breaches are heading in the direction of becoming more complex in nature, and with further reaching effects on a larger number of end-users."

Milbourne urged users to stick to the Chrome browser, coupled with anti-ad software, to avoid malvertising threats in future.

"Use the Chrome browser along with an ad-removal extension," he said. "There are number to pick from, and using this combination offers the best chance of preventing an ad network redirect to an exploit kit." 

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Best antivirus for Windows 10

30 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020