Yahoo said Monday it had removed malware from its advertising network, after malicious code there had gone undetected for at least six days.
Security researchers at Malwarebytes said they discovered malicious ads planted in Yahoo’s network on Sunday and alerted Yahoo. The malware attack had been underway since last Tuesday, wrote Jerome Segura, a senior security researcher at Malwarebytes Labs.
The malware was found in Yahoo’s ads network at ads.yahoo.com, which runs ads across Yahoo’s sites like its finance, games and news portals, as well as Yahoo.com. Users may have come across the infected ads when visiting Yahoo’s sites.