Cyber criminals are targeting Yahoo's advertising networks in an orchestrated malware campaign putting millions of people at risk.
Security firm Malwarebytes, which discovered the campaign, reported that hackers used the sophisticated Angler exploit to infect victims through the Yahoo suite of websites.
Yahoo is currently the fifth most popular website in the world, according to analytics website Alexa, and runs a suite of verticals covering news, sports, gaming and celebrity news.
The hacking campaign began on 28 July and did not require any user interaction to take hold. Simply browsing a compromised website was enough to start the infection chain and spread malware and ransomware.
Jérôme Segura, senior security researcher at Malwarebytes, explained that the complexity of the "online advertising economy" makes it easy for hackers to abuse the system.
"It is one of the reasons why we need to work very closely with different industry partners to detect suspicious patterns and react very quickly to halt rogue campaigns," he said.
Segura added that it is not yet possible to determine exactly how many people have been affected by the hack.
Yahoo said in response that the malware campaign has been stopped and that the company is investigating the matter.
"Unfortunately, disruptive ad behaviour affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience," the firm said.
"We'll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem."
Grayson Milbourne, security intelligence director at security firm Webroot, warned that the sheer scale of the cyber attack is alarming.
"Monetary gain is the primary motivation for attacks of this nature, and in many cases ads are just traps for additional attacks," he explained.
"This exploit is an indication that potential breaches are heading in the direction of becoming more complex in nature, and with further-reaching effects on a larger number of end users."
This is not the first time Yahoo has fallen victim to a malware campaign. Hundreds of thousands of Yahoo users in Europe were infected in 2014 with malware injected via the advertising network that exploited security flaws in Java.
Applications from some member states were down more than 40 per cent
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams