Commentary

Malware Campaign Hits Rotten Tomatoes, TMZ

This article has been modified. See addendum at bottom.

Two big online publishers were hit with a malvertising campaign last week, with celebrity publisher TMZ.com and movie meta-review site Rotten Tomatoes both falling victim to malicious programs, including the dreaded baddy, ransomware.

The same campaign, which hit a number of publishers in January, also affected The Jerusalem Post in the latest round.

The Malwarebytes blog first reported the news.

The campaign, which traces back through fake Web sites to an ad platform called SmartyAds, delivers “booby trapped” ads that download malware onto the devices of unsuspecting users. Under certain conditions, the malware will redirect users to “Angler,” an “exploit kit” that will then unleash additional malware, including the ransomware.

Malwarebytes reports that this campaign is particularly dangerous because it is so well disguised. Whoever is running it is disguising their backend server, as well as encrypting all their traffic, in part by serving ads over HTTPS with the content delivery system CloudFlare.

They are also concealing their identity by using an anonymous proxy for domain registration. The upshot of all this is that the campaign looks legitimate to many ad networks, making it even harder for them to identify and block the malicious content.

This news is especially bad for publishers because, through no fault of their own, the spread of malware delivered through legitimate-looking ads is yet another reason for consumers to use ad-blocking software. Like ordinary ad software, malware loads in Web browsers, and ad blockers can automatically stop this.

Last year, security firm Lookout released a study showing big increases in mobile malware affecting U.S. consumers. According to Lookout, from 2013 to 2014 over 4 million U.S. Android users paid ransoms ranging from $300 to $500 in order to free their devices.

Addendum: The original version of this article mistakenly implied that TMZ.com and Rotten Tomatoes failed to detect the malware infection. In fact both sites immediately detected the malware and took steps to stop the attack. 
