Security researchers discovered a new type of router attack that injects ads on websites. In layman's terms, the attack works by hacking vulnerable routers to misdirect queries to poisoned DNS servers. Security firm Ara Labs notes the unique thing about this new attack is the use of Google Analytics as an attack vector.
When the router malware detects a query to Google's Analytics service, it spoofs the request by redirecting it to a rogue server instead of the legitimate Google server. Quite a lot of sites run Google Analytics so for attackers it's a very easy to approach to impact countless websites with minimal effort. When an infected router visits one of these sites, it will not pull the Google Analytics script but will instead serve ads or even porn.
The peculiar aspect of this attack is that it's hard to detect. Running a malware scan on your PC will detect nothing because there's nothing wrong on your computer. Few people know routers can be infected and even then it's probably the last place they'll look.