Blue Coat says it has uncovered another malvertising campaign.
Yahoo’s advert network is being hijacked to serve users with CryptoWall ransomware, according to security firm Blue Coat.
Malverts, or malicious adverts, are said to be appearing alongside legitimate marketing, and are programmed to download malware to a user’s computer.
Chris Larsen, threat researcher at Blue Coat, said: "What looked like a minor malvertising attack quickly became more significant as the cyber criminals were successfully able to gain the trust of the major ad networks like ads.yahoo.com.
"The interconnected nature of ad servers and the ease with which would-be attackers can build trust to deliver malicious ads points to a broken security model that leaves users exposed to the types of ransomware and other malware that can steal personal, financial and credential information."
CryptoWall, a type of ransomware, encrypts users’ files before offering to unlock the data in exchange for a fee, much like CryptoLocker.
Several referral websites located in India, Burma, Indonesia and France were connected to the malware , according to Blue Coat, as well as a number of other "suspicious" ad servers.
Yahoo has been contacted for comment.