A large-scale exploit kit (EK) campaign is spreading via an infected toolbar that is downloaded during a bundled software installation. In the other campaign, Cisco discovered a website redirecting Safari browsers to a domain delivering a malicious Flash Player installer. The RIG exploit kit and Safari redirects are both in the adversaries bag of tricks. Malvertising is an attractive attack vector for EK users because it offers a large potential victim pool compared to other avenues. The same campaign, powered by malvertising on the same hand, has multiple different entry points from a variety of related and unrelated web pages.
Source: https://threatpost.com/malvertising-ad-blockers-mac-malware/146861/