From avira.com
Malvertising: A brief introduction to the online threat you don’t want to meet
Malicious advertising, or malvertising, is a relatively new cyberattack technique that injects malicious code into digital ads. These malware-infected adverts are then displayed online to people like you and me. They can be found on any website—even those you might trust. When you click on a malicious ad, you unleash the malicious code embedded in it and it can harm your device or damage or steal your data.
According to Wikipedia, the first recorded malvertising attack occurred in late 2007 and exploited a vulnerability in Adobe Flash. It attacked popular online platforms, including MySpace. As an online threat, malvertising has an impressive (and rather embarrassing) timeline of milestones: In 2009, The New York Times online magazine published an ad that tricked readers into installing malicious security software on their computers—these devices then became part of a botnet. (Need to brush up on botnets? It refers to a network of private computers that are infected with malicious software and controlled as a group). In 2011, Spotify fell victim to a drive-by download malvertising attack—and hot on its heels The Los Angeles Times was targeted by a similar campaign. It was Yahoo.com’s turn in 2013 and many of the webpage’s 6.9 billion monthly visitors were at risk.