Cyber criminals plant abuse images on innocent business and personal websites in a complex bid to spread malware, software designed to gain access to private computers, the Internet Watch Foundation (IWF) has said.
In one case, a furniture company's website was hosting images without the knowledge of the business owner or even its customers.
A total of 392 reports of websites hacked to host child sexual abuse content were received by the IWF between June and December last year, compared to zero in the same period the year before.
In addition, the IWF's confidential hotline for flagging criminal content on the web recorded a 31% surge in the total number of reports of child sex abuse images found online, up from 39,211 in 2012 to 51,186 in 2013.
Emma Hardy, director of external relations, said: "We had barely seen hacked websites hosting child sexual abuse imagery for some time, then last year we experienced a spike in reports. It seems whoever was behind it used this method to distribute malware.
"In the process, ordinary internet users were confronted with images of children being sexually abused, as well as having their devices infected.The folders of images were often placed on legitimate businesses' websites.
"Those businesses would not have been aware this had happened.The best way to safeguard against this happening is to have good security and tough passwords to prevent someone from hacking into the administration side of a website."