Security researchers are warning of a fake Adobe Flash Player update extension whose goal is to serve spam ads to victims.
The malicious plug-in, dubbed FlashPlayer11.safariextz, is being distributed from mostly adult websites, according to Jerome Segura of security firm Malwarebytes.
Unsuspecting users were told they need to install the Flash update to view a video in a fashion typical of many malicious extension scams.
The threat was "widespread," according to a spokeswoman for the company monitoring the outbreak.
Once the bogus software was installed, it displayed racy ads.
"For example, I visited PBSKids.org, a site for children to play games and watch their favourite characters, when all of a sudden a pornographic advertisement was displayed," Segura said in a blog.
It's not just lewd ads being served, either. The malware – which does not affect Internet Explorer, but was spotted in Chrome, Safari and Firefox – also is capable of superimposing spam ads over legitimate ones.
"Online advertising is a billion-dollar industry, and everybody wants to have a piece of it," Segura said.
"With such invasive adverts, cyber crooks are likely to generate a lot of views and even pay-per-clicks. If you believe you are seeing strange or inappropriate ads on the websites you regularly visit, it wouldn't hurt checking the extensions installed in your browser and removing the offending ones."