The Internet Storm Center (ISC)2 discovered the presence of the bad actors responsible of the Admedia attacks, behind a hacking campaign that targeted Joomla-hosted sites. Operators running websites based on the WordPress and Joomala must be aware of a spike in the number of compromised platforms used in Admedia. The ISC identified the use of the string admedia in most URLs generated by the iframes. The attacks started with a compromised website that generated an admedia gate, which led to Angler EK that is used to serve TeslaCrypt to vulnerable machines.”]
Source: http://securityaffairs.co/wordpress/44693/cyber-crime/admedia-attacks-joomla.html