Yahoo CEO Marissa Mayer. AP Advertising across Yahoo's biggest websites — Yahoo.com, and its sports, celebrity, finance and games sites — is being exploited by a cybercrime group looking to infect people's computers with malware, according to security company Malwarebytes.

Malwarebytes security researchers say Yahoo is victim to the same group that has been involved in a number of large-scale campaigns that exploit vulnerabilities in Adobe Flash. Recently, Jamie Oliver's website was victim to attacks by the group, which saw the site riddled with malware. The Angler Exploit Kit (which was used in this latest attack) is dominating the underground malware scene right now, and it has seen its market share grow from a quarter to 83% in the past nine months, according to SophosLabs researcher Fraser Howard.

Most malvertising attacks make use of exploit kits in an attempt to redirect victims to a website with malware. Often the site infects a computer with ransomware, which locks a user out of their device unless they pay a fee to the hackers in order to regain access.

Chris Boyd, a malware intelligence analyst at Malwarebytes, told Business Insider that anything from banking trojans to additional advertising fraud software could be used in these attacks. Ad fraud costs advertisers more than $11 billion in wasted spend, according to survey findings from Solve Media. For users, it can significantly slow down their machines and waste power.

The campaign on the Yahoo ad tech and e-planning networks began on July 28 and is still active, according to Malwarebytes. The security company says, in a blog post due to be published later on Monday, that it has made Yahoo aware of the issue.

Here's the scary message Malwarebytes Anti-Exploit users see when they try to click on one of the infected ads:

Here's some of the nasty code Malwarebytes discovered on the Yahoo ad network.

Yahoo provided Business Insider with this statement after this story was published

Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.

We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.

The code shows that the Yahoo ad network URL leads to Microsoft Azure websites, which have also been affected as part of this attack. Boyd said many of the Azure websites caught up in this attack are likely to have been phished accounts, as opposed to ones set up for the explicit purpose of scamming users. Microsoft Azure websites are aimed at app developers and allow any individual to make a website.

Here's what Malwarebytes discovered across some Microsoft Azure websites.

A Microsoft spokesperson provided Business Insider with this statement: "As soon as we were alerted to the malicious site we took immediate steps to shut it down. When we identify misuse of the service that violates the Azure Acceptable Use Policy, such as the distribution of malware, we quickly take action. To report suspected security issues or abuse of Microsoft Online Services, visit https://cert.microsoft.com/."

Combined, Yahoo's websites attract an estimated 6.9 billion visits ondesktop per month, according to data from SimilarWeb.

This means the attack is one of the biggest Malwarebyes says it has ever seen.

Boyd told Business Insider: "While there is no way to know for sure who may have been exposed to the rogue adverts, the sheer numbers thrown at the Yahoo pages could potentially mean high rates of infection. Many Malvertising attacks tend to focus on specific geographical locations depending on ad networks used, but this campaign could have had a huge amount of reach."

In June, security experts called for Adobe Flash users to install a critical security update sooner rather than later to protect themselves from hackers running cyber blackmail scams.