While malvertising is not a new tactic, cybercriminals are continuously looking for ways to deceive their victims and attract them to their malware. That’s exactly what they are doing when they place their malicious ads on distributed ad networks that appear on legitimate websites. When people visit these sites, they believe that everything they are viewing can be trusted, but that is not necessarily the case.

Malicious advertising was discovered on The New York Times website by SlashNext. The ad that appeared on The New York Times page was promoting a PDF viewing and conversion tool. If a reader clicked the link in the ad, they would be taken to a legitimate-looking page that provided further information about the product as well as a large green button labeled “Download to Continue.” What most visitors do not catch is the inconspicuous pop-up that appears in the lower right-hand corner of the page and reads “By clicking the button, you agree to install the Homepage & New Tab and agree to the EULA and Privacy Policy.”

After the app is installed, a unique phishing page will appear in the victim’s browser. This page monitors the victim’s behavior by commandeering search and browser functionalities. The app is also capable of running malicious third-party content.

If people took the time to carefully read the End User License Agreement (EULA) and Privacy Policy, they would find that they agreed to allow all of this. The policy specifically states that they do not take responsibility for any third-party actions. So, in essence, people are being fooled into allowing themselves and their machines to become victims, while the malicious behavior is disguised as legitimate through an inconspicuous EULA.