Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Data Security / Pornhub Hit With Malvertising Attack
Millions of Pornhub Users Targeted in Malvertising Attack
Millions of Pornhub Users Targeted in Malvertising Attack
By Alex Hern Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Millions of Pornhub users were targeted with a malvertising attack that sought to trick them into installing malware on their PCs, according to infosec firm Proofpoint.

By the time the attack was uncovered, it had been active "for more than a year." Proofpoint said, having already "exposed millions of potential victims in the US, Canada, the UK, and Australia" to malware by pretending to be software updates to popular browsers.

Although Pornhub, the world's largest pornography site with 26bn yearly visits according to data from ranking firm Alexa, and its advertising network have shut down the infection pathway, the attack is still ongoing on other sites.

The hack was carried out by a group known as KovCoreG, Proofpoint said, who hoped to infect users with an ad fraud malware known as Kovter. This type of malicious software is traditionally used as a form of online advertising fraud to generate money through clicks on fake adverts.

In this particular attack, visitors to Pornhub were redirected to a website which claimed to be offering a software update for their web browser, including Chrome and Firefox, or to the Adobe Flash plugin. If they downloaded and opened the file it installed Kovter, taking over their machine and using it to click on fake adverts. Those fake clicks then generated real money for the websites the adverts are hosted on -- typically spam-filled sites no normal user would ever visit.

"While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware," Proofpoint said. "Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale."

Pornhub did not reply to a request for comment.

Malvertising campaigns are a popular way for malware authors to spread their infections, said Javvad Malik, security advocate at AlienVault.

"In 2016, Google removed 112m bad ads which aside from malware, included illegal product promotion and misleading ads,” he said. “The issue being that there are insufficient controls to place an advert with an ad network, making it far easier to get a malicious app accepted by an official app store. This has led to an upturn in the number of reputable organizations distributing malvertising."

Mark James, a security specialist at IT firm ESET, said that Pornhub was likely a preferred target for the bad actors. "The audience is possibly less likely to have security in place or active as people's perception is that it's already a dark place to surf," he said. "Also, the user may be less likely to call for help and try to click through any popups or install any software themselves, not wanting others to see their browsing habits."

© 2017 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: iStock.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.