Times of Israel, Jerusalem Post and Last.fm all said to be affected.
Google’s advertising subsidiary DoubleClick has been infected by a malvertising campaign, according to the security firm Malwarebytes.
Adverts linking to malware are allegedly being posted on the Times of Israel, the Jerusalem Post and music streaming site Last.fm, with other ad publishers using Google’s service also thought to be at risk.
Jerome Segura, senior security researcher at Malwarebytes, said: "It appears that this is a much larger and ongoing campaign that is affecting a number of other popular websites.
"What is important to remember is that legitimate websites entangled in this malvertising chain are not infected. The problem comes from the ad network agency itself."
Victims are said to be directed to sites hosting the Nuclear exploit kit, which installs a Zemot trojan by targeting outdated versions of Adobe Flash and Microsoft’s Internet Explorer.
Once installed Zemot connects to a remote server to download tools that steal data and monitor a user’s activity, according to Malwarebytes.
Google has yet to respond to requests for comment from CBR.