Blog | G5 Cyber Security

Yahoo! PH Purple Hunt 2.0 Ad Compromised!

The file downloaded from the compromised ad is detected by Trend Micro as TSPY_PIRMINAYA.A. The download happens only once per browser, which means that the malvertisement may have used some form of IP and user-agent filtering to prevent repeated downloads, which would look suspicious to the end user. To replicate the malware download from the compromised ad, we used a browser extension that spoofs the browser user agent instead of installing different browsers.

Source: https://thehackernews.com/2011/04/yahoo-ph-purple-hunt-20-ad-compromised.html
