A cybersecurity firm says it’s uncovered an experimental and more complex form of malware than previously seen inside of several major ad networks, potentially signaling that mainstream hackers are looking to target the ad-tech ecosystem beyond siphoning revenue.

Devcon, a startup focused on cybersecurity for the media industry, says it found several polyglots—malware that uses complex code to disguise itself within an image—inside of what appear to be digital ads pretending to be from brands. The company didn’t disclose which websites served up malicious ads, but so far, the fraudulent ads have been seen in ad servers including GumGum and Yahoo, with a handful of sites attacked as many as 50,000 times over the past few weeks. So far, the company has identified five brands and seven pieces of ad creative used by polyglots.

The volume of attacks using polyglots in the past week has been as large as Devcon has seen take months with other exploits (code used to take advantage of software), according to Devcon CEO Maggie Louie. She said the complexity and scale of the attack might be a sign mainstream hackers are looking to take advantage of vulnerabilities within the ad-tech ecosystem. And that might mean moving beyond siphoning ad dollars into tactics like ransomware. Researchers say polyglots could be used to harness processing power from devices for use in cryptocurrency mining and to transfer money from one bank account to another using a supply-side server and a demand-side server.

While polyglots aren’t new to anyone familiar with cyberattacks, Devcon says it’s the first time they’ve been seen in digital advertising. And given the nature of digital advertising’s infrastructure, attaching malicious code to programmatic ads could pose a new threat to users. That’s because hackers could use demographic and other data for buying audiences they want to attack in a hypertargeted way.

While a similar exploit called steganography can hide a file within another file—such as by altering pixels within an image that are hidden to the human eye—a polyglot can operate as an image file but also execute JavaScript code. That’s something Devcon chief technology officer Josh Summitt says makes JavaScript-rich ad-tech systems especially vulnerable.

“It’s the missing link. … It’s a huge jump for a hacker group that we saw just two months ago using some known techniques that weren’t sophisticated at all to what is now a very sophisticated research project.” Louie said.

Summitt, who was skeptical at first as to whether the firm had actually identified a polyglot, said the images seemed innocent with what appeared to be a small payload that’s part of the ad. However, once the impression is served on a website, it will automatically deploy—perhaps sending a user what looks like an average pop-up scam about a software update or a coupon.

Devcon has been tracking this particular group of hackers since last summer and has seen the exploits evolve from less complex techniques. While some of the brands spoofed in this attack are lesser known—such as JobsImpact.com and a women’s online retailer called Bellelily—previous attacks included ads from better known brands like Carnival Cruises.

Once a user clicks on a malicious ad, they might be asked to input sensitive information such as medical history, credit card information or an email address.

“We’re aware and investigating the use of unauthorized polyglot technology affecting some ads on our network,” a Verizon spokesperson said via email. “Providing a trusted digital experience to our partners is a top priority. In tandem with our proprietary technology, partners and human reviewers, we’ve deployed new tools that can better detect these sophisticated threats that pose as legitimate ad content.”

GumGum declined to comment.

Louie said the malware isn’t necessarily the fault of GumGum, Verizon or the publishers where the polyglots were found, describing GumGum and Verizon as “highly reputable ad networks.” However, because digital publishers and advertisers are reliant on ad tags and cookies from third-party JavaScript carriers, it’s an inherent vulnerability.

“We’re not talking about bad actors trying to finishing a campaign by throwing some bots at it,” Summitt said.

According to Augustine Fou, an independent ad-fraud researcher, the presence of polyglots within ad networks might not be as widespread or as bad as it at first appears. He said polyglots are still more often used for compromising human devices and other types of cybercrime, adding that it’s hard to estimate the scale of the problem because researchers often have a hard time finding more than a few instances of malware.

Fou said the exploits have been in use for at least a few years but that it doesn’t take a lot of it to create a problem.

“It’s more like all of ad tech has allowed this stuff to happen because they’re not scanning every single creative,” he said.

Tyler Shields, vp of strategy at the cybersecurity from Sonatype, said the polyglots are a “very interesting and novel attack model,” but they pose some unique threats.

“Usually when a new threat is discovered it gets a quick spike of exploitation and then fades away for a bit only to come back stronger at a later date,” he said. “I think you’ll see that happen with this model. Attacks happen now, it’ll disappear for a bit, then come back with a vengeance at some point in the future.”

Mike Zaneis, CEO of the Trustworthy Accountability Group, an ad industry trade organization that fights cybercrime, said it’s the first time he’s heard of polyglots used within advertising. However, he said, TAG members have been reporting other types of attacks with more frequency, especially in mobile, premium video and in-app ads.

TAG conducted a briefing recently about a software developer kit attack called “Drainerbot,” which Oracle discovered was stealing data from mobile users.

“We are seeing the frequency of industry collaboration and education accelerate,” he said. “That to me is the most effective thing the industry at large can do: to share threat vectors with each other.”