Basic Attention Token
$0.69328 -0.05%
BAT · 206w

Millions of Pornhub users targeted in malvertising attack | Technology

Millions of Pornhub users were targeted with a malvertising attack that sought to trick them into installing malware on their PCs, according to infosec firm Proofpoint.

By the time the attack was uncovered, it had been active “for more than a year”, Proofpoint said, having already “exposed millions of potential victims in the US, Canada, the UK, and Australia” to malware by pretending to be software updates to popular browsers.

Although Pornhub, the world’s largest pornography site with 26bn yearly visits according to data from ranking firm Alexa, and its advertising network have shut down the infection pathway, the attack is still ongoing on other sites.

The hack was carried out by a group known as KovCoreG, Proofpoint said, who hoped to infect users with an ad fraud malware known as Kovter. This type of malicious software is traditionally used as a form of online advertising fraud to generate money through clicks on fake adverts.

In this particular attack, visitors to Pornhub were redirected to a website which claimed to be offering a software update for their web browser, including Chrome and Firefox, or to the Adobe Flash plugin. If they downloaded and opened the file it installed Kovter, taking over their machine and using it to click on fake adverts. Those fake clicks then generated real money for the websites the adverts are hosted on - typically spam-filled sites no normal user would ever visit.

“While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware,” Proofpoint said. “Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale.”

Pornhub did not reply to a request for comment.

Malvertising campaigns are a popular way for malware authors to spread their infections, said Javvad Malik, security ad...

Continue on
Recent news
No posts found