Yahoo Used by Hackers to Spread Malware to Millions of Users
The ad network used by Yahoo’s biggest domains, including Yahoo.com and other frequently visited websites, was used by a cybercriminal group to spread malware to hundreds of millions of Yahoo visitors.
Advertising across several of Yahoo’s biggest domains, including Yahoo.com and the company’s sports, finance, celebrity and game domains, is being used by a cybercrime group to spread malware to millions of Yahoo visitors. The intrusion was discovered and detailed by security firm Malwarebytes.
Yahoo has an estimated 6.9 billion visits per month on its homepage yahoo.com, making it a particularly appealing target for a large-scale malvertising campaign. Yahoo’s ad network also extends to its most popular websites:
- news.yahoo.com with 308.50 million monthly visits
- finance.yahoo.com with 135 million monthly visits
- sports.yahoo.com with 112.50 million monthly visits
- celebrity.yahoo.com with 66.60 million monthly visits
- games.yahoo.com with 43.40 million monthly visits
Malvertising campaigns are particularly troublesome because they do not need any user interaction with their malicious ads in order to execute their payload. Simply browsing a website that contains the malicious advertisements is enough to trigger the infection.
Hundreds of Millions of Users at Risk from an Exploit Kit
“While there is no way to know for sure who may have been exposed to the rogue adverts, the sheer numbers thrown at the Yahoo pages could potentially mean high rates of infection. Many Malvertising attacks tend to focus on specific geographical locations depending on ad networks used, but this campaign could have had a huge amount of reach,” revealed security researchers at Malwarebytes.
They further noted that the attack left hundreds of millions of Yahoo visitors open to two predominant threats: ransomware and malware.
Yahoo’s ad network was compromised by cybercriminals, who were able to infect it with the Angler Exploit Kit, often considered the most sophisticated exploit kit available. The Angler Exploit Kit is particularly dangerous because of its ease of use: it comes as readily usable, off-the-shelf packaged software. The package contains several pre-determined attacks that are designed to target zero-day vulnerabilities.
Multiple payloads such as banking Trojans, CryptoLocker, backdoor Trojans, ransomware and other toolkits can be used to inject the exploit kit into its targets, making it a dangerous menace, according to a Threat Report recently published by security firm McAfee Labs.
Yahoo released a statement acknowledging the threat, saying:
“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.
“Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience.”
Malwarebytes stressed that the threat has been nullified due to Yahoo’s quick efforts in fixing the vulnerability.
“As soon as we detected the malicious activity, we notified Yahoo! and we are pleased to report that they took immediate action to stop the issue,” confirmed the security company.