Ars Technica:

Researchers have uncovered a recent malicious advertisement campaign that’s notable for its size, scope, and resourcefulness: a two-day blitz triggered as many as 5 million times per day that used highly camouflaged JavaScript stashed in images to install a trojan on visitors’ Macs.

Wednesday’s post demonstrates how malvertisers continue to improve their techniques for slipping malicious content past advertisers who spend time and money to detect bad ads. Fortunately—for the moment, at least—most malicious ads seem to work by tricking visitors into clicking on OK buttons that will install malware.

Most of us wouldn’t be caught by this but it’s a good opportunity to remind less techy friends and family to not download files or click on random pop-ups.