Cyphort researcher Nick Bilogorskiy says 10 million users may have been infected in as many as 10 days, thanks to a deadly malvertising and exploit kit campaign.
The cybercrime investigator says the popular Angler exploit kit is driving the campaign targeting users across Asia, the US, and parts of Europe.
It is the latest development in what appears to be a spiralling run of infections from malvertising and exploit kits.
Affected sites included at times the Japanese tentacle of The Huffington Post, popular manga entity readms.com, and Indonesian paper bisnis.com, among many others.
Bilogorskiy says he has advised affected asset owners including Microsoft Azure, and ad platforms E-Planning.net and adtech.de.
"At least 10 million people have visited these websites and were potentially exposed to the Angler exploit kit in the last 10 days according to our estimates and data from SimilarWeb," Bilogorskiy says.
"In the last 10 days, Cyphort Labs found many more infected domains … please refrain from going to these sites as they are dangerous.
"All of these appear to be top popular websites in various countries including Vietnam, Turkey, Japan, Saudi Arabia, and Germany."
Bilogorskiy says the malvertisers use multiple SSL redirectors to encrypt traffic and frustrate white hat analysts.
The campaign dates back to at least 11 July.
Invincea researcher Pat Belcher also probed the campaign and dubbed June the "worst month on record for malvertising".
Attackers made huge wins landing malicious ads on popular sites including The Drudge Report, celebrity trash mag PerezHilton, CBS Sports, Yahoo, Verizon FiOS, and eBay UK.
These sites are often victims of malvertising as much as their infected visitors, since attackers go to great lengths to conceal their malware within advertisements.
Some ads may run initially as benign assets and be updated with exploit kit redirection capabilities after they are already displayed on the target websites. ®