Unauthorised YouTube adverts exposed by security firm
A London-based team of security researchers has exposed a scheme which inserted unauthorised adverts into Google's YouTube.
Spider.io discovered two programmes which placed ads on YouTube's website when viewed by affected PCs. It said the plug-in had been promoted as tools to download videos from the service. It said some directed users to malware.
This was in breach of YouTube's rules.
The firm responsible has been named as California-based Sambreel.
The company did not respond to BBC requests for comment.
However, one of its subsidiaries, Yontoo, told Forbes magazine: "The Best Video Downloader and Easy YouTube Downloader products have been discontinued."
The Financial Times reported that this only happened after Sambreel was alerted to Spider.io's findings.
The security firm - founded by Imperial College London computer scientist PhD graduates - reported that some of the added advert slots had been sold on through exchanges to well-known brands including Amazon, Blackberry, Kellogg's and Toyota. These firms would be highly unlikely to have been aware of this.
However, it added, that others had been bought by "malvertisers" (malicious online advertisers).
"When a user who has installed these plug-ins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages," Spider.io said.
"[One example] shows a fake alert, which suggests to the user that a Java update is required.
"If the user clicks the OK button, then the user is taken to the disreputable site.
"This sort of malvertising would be unlikely to impact YouTube users without Sambreel's involvement. Google has strict ad-quality processes, and Sambreel's plug-ins bypass these."
Spider.io said it had identified 3.5 million installations of the YouTube-focused plug-ins but believed there could be many more.
YouTube's terms of service ban users from downloading, rather than streaming its clips. Google also made it clear that it would tackle other instances of unauthorised ad placements.
"Applications that change users' experiences in unexpected ways and provide no value to publishers are bad for users and bad for the web," said a spokeswoman
"We're continuing to look into these types of bad actors and have banned them from using Google's monetisation and marketing tools."
This is not the first time Sambreel has been accused of using programmes to change the adverts that appear on third-party websites.
Last year news site Paidcontent reported Sambreel was offering programmes which promised to customise web pages and provide special deals that also allowed the US firm to replace publishers' adverts with those it served.
It said that AOL, the BBC and the New York Times were among the firms affected.
Prior to that Sambreel attempted to sue Facebook in 2011 when the social network prevented the firm from placing adverts on its site via a tool advertised as a way to let members change the look of their profile page.
However, a judge ruled that Facebook had the right to require that its users disable certain products before using its service.