Researchers at Malwarebytes uncovered a malvertising campaign on the PopAds network that launches the Magnitude exploit kit (EK), infecting victims using old versions of Flash Player with CryptoWall 4.0 ransomware, according to a blog post.

The campaign, which mainly targets European users, launches the Magnitude EK through pop-under ads, ad windows that the researchers explained appear “behind the main browser window and typically remains open until the user manually closes it.” Once a systems is infected the victim, of course, is instructed to pay a ransom to retrieve documents, photos and other files.

The ads in this campaign have largely been placed on adult sites and video streaming sites, the researchers noted. They urged users to keep browsers and plugins current and suggested they “consider or removing the Flash Player altogether since it has suffered a high number of zero-day exploits in recent history.”