Security experts at FireEye observed a new malicious campaign that is targeting non-profit organizations and non-governmental organizations by compromising legitimate websites. The threat actors use to compromise legitimate websites to host iframes used to hijack visitors to a threat actor-controlled IP address that serves a Poison Ivy remote access tool (RAT) The attackers attempted to masquerade the malicious code as a Google Chrome file, but they misspelled multiple words. FireEye expects threat actors are motivated to steal programmatic data and monitor organizations programs in specific countries.”]
Source: http://securityaffairs.co/wordpress/28703/cyber-crime/iframe-based-attacks.html