What name is given to attackers who inject malware into seemingly legitimate websites to trick users into clicking?

Malvertising is the practice of injecting malicious code into online advertisements that are served on legitimate websites. Attackers compromise ad networks or ad creatives so that when a user visits a trusted site and loads the ads, the malicious content is delivered. The goal is to trick users into clicking the ad or, in some cases, to trigger a drive-by download just by loading the ad, leveraging the user’s trust in the legitimate site. This technique spreads quickly across many sites because ads come from networks that aggregate content from numerous publishers. In contrast, click-jacking is about overlaying UI to force clicks, spear-phishing sites are targeted credential-grabbing pages, and thumbs.db is unrelated. So the scenario described best fits malvertising.