Titles hit included the Los Angeles Times, Chicago Tribune and Baltimore Sun, as well as various others published by Tribune Publishing, which said it first detected the malware on Friday (28 December).
The Los Angeles Times said the cyber attack appeared to come from outside the US.
“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” an anonymous source with knowledge of the attack told the newspaper.
The attack led to delays in the distribution of the Saturday editions of The Times, Tribune, Sun and other newspapers that share a printing plant in Los Angeles.
The Los Angeles Times said the attack affected a software system that stores news stories, photographs and other information in a way that made it difficult to produce the plates needed to print the newspaper.
The publication reported that the West Coast editions of the Wall Street Journal and New York Times were also affected as they are printed at and distributed from the same production facility.
In a statement, Tribune Publishing spokeswoman Marisa Kollias said the virus hurt back-office systems used to publish and produce “newspapers across our properties”.
“There is no evidence that customer credit card information or personally identifiable information has been compromised,” she added.
Department of Homeland Security (DHS) spokeswoman Katie Waldman said the DHS was studying the situation.
“We are aware of reports of a potential cyber incident affecting several news outlets, and are working with our government and industry partners to better understand the situation.”