A botnet that uses infected users' computers to mine bitcoins has been exposed to 2 million Yahoo users.
The malicious software was embedded in adverts being served to the Yahoo site between 13 December and 3 January.
In a statement, Yahoo's spokesperson said: "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware."
The adverts, which were discovered by security firm Light Cyber and later confirmed by Yahoo
, were mainly targeted at users in Britain, France and Romania, but it isn't known how many computers were affected.
"The malware writers put a lot of effort into making it as efficient as possible to utilise the computing power in the best way,"
Light Cyber founder Giora Engel told the BBC.
Yahoo has reassured users that it has now blocked the adverts, though no statement has yet been made regarding how to detect and remove the software.