Search engine calls for collaboration to reduce malware epidemic.
Millions of web users were found to have been exposed to ad injections after they downloaded malicious browser extensions or other bits of software, according to data compiled by Google.
A piece of code inserted into the search engine websites showed that 5.5% of the unique IP addresses accessing Google sites were seeing pages with adverts illegitimately injected into the page.
Analysing the results, the search engine found more than 50,000 browser extensions and more than 34,000 pieces of software that injected adverts into webpages, often as part of affiliate schemes.
Kurt Thomas, spam and abuse research at Google, wrote on the firm’s blog: "Ad injectors are programs that insert new ads, or replace existing ones, into the pages you visit while browsing the web.
"We’ve received more than 100,000 user complaints about them in Chrome since the beginning of 2015 – more than any other issue. Unwanted ad injectors are not only annoying, they can pose serious security risks to users as well."
Hackers are said to use a number of tactics to spread the ad injector software, including conventional marketing, bundling the malware with popular downloads, and social advertising.
Once installed the programs allegedly rely on so-called "injection libraries" including Superfish, a piece of adware that earlier this year was found to have been bundled with Lenovo computers.
"These [adware] companies manage advertising relationships with a handful of ad networks and shopping programs and decide which ads to display to users," Thomas said.
"Whenever a user clicks on an ad or purchases a product, these companies make a profit, a fraction of which they share with affiliates."
He added that Sears, Target and eBay were among the victims because they were unwittingly paying for traffic to their sites that had been generated by unwanted software.
Following its research Google has taken more aggressive steps to police its Play Store for apps, as well as contacting advertisers affected.
It has also tweaked its AdWords policy to make it more difficult for advertisers to promote unwanted software.
"Considering the tangle of different businesses involved – knowingly, or unknowingly – in the ad injector ecosystem, progress will only be made if we raise our standards, together," Thomas said.
"We strongly encourage all members of the ads ecosystem to review their policies and practices so we can make real improvement on this issue."