There are countless ways to inject malware into a computer, which is why people who use the internet should be very vigilant about the sort of websites they normally visit. One may expect to find malware on shady websites, not on internationally recognized websites like Yahoo. Turns out there was malware hiding in the ads being displayed on Yahoo’s website, the attack was sophisticated enough that it didn’t require users to click on the ad, merely visiting the company’s website would have injected malware from the Java-based ads. The company plugged the vulnerability quickly once it came to light, but it seems that the attack might have affected a greater number of users.
At first it was believed that the malware attack only affected European users on January 3rd. Yahoo has officially revealed that users may have been affected between December 27th, 2013 and January 3rd, 2013 and that while most of the people affected were based in Europe, “a small fraction” of users outside Europe might have been affected as well. While some malware was thought to steal personal information, few reports claimed that malware injected through Yahoo ads turned computers into Bitcoin miners. The company reveals that this attack occurred because an account was compromised, which has now been shut down. Yahoo is currently working with law enforcement to investigate this matter.