PornHub Visitors May Have Been Infected by Hackers

PornHub Visitors May Have Been Infected by Hackers

By the time the attack was uncovered, it had been active "for more than a year", Proofpoint said, having already "exposed millions of potential victims in the US, Canada, the United Kingdom, and Australia" to malware by pretending to be software updates to popular browsers.

Different variations were used with Chrome, Firefox and Internet Explorer to trick the user to download the update.

"Once users clicked on what they thought was an update file, they may not have even noticed a change in their systems as the malware opened an invisible web browser process, clicked on ads, and generated potential revenue for cybercriminals", stated Proofpoint vice president of operations Kevin Epstein.

Pornhub is a popular site that sits comfortably at number 21 on Alexa's USA website rankings.

The files downloaded Kovter, which can be used to run various kinds of malicious code, including ransomware and information-stealers. The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.

"The chain begins with a malicious redirect hosted on avertizingms [.] com, which inserts a call hosted behind KeyCDN, a major content delivery network", Proofpoint writes.

PornHub Malvertising Attack Exposed Millions to Ad Fraud
Pornhub Users Targeted With Malware Laden Ads

It appears that malvertising impressions are restricted by both geographical and ISP filtering.

However, the malicious ads have now been removed by both the ad network and the adult website. Epstein also commended the website and advertising network for their incredibly swift response following the notification from Proofpoint.

Commenting on the PornHub malware in an email to Newsweek, Javvad Malik from the security firm AlienVault, said: "Malvertising campaigns are a favoured avenue for many attackers".

"This discovery underscores that threat actors follow the money and continue to ideal combinations of social engineering, targeting, and pre-filtering to infect new victims".

Researchers said the campaign demonstrates a "dramatic decline" in the use of exploit kits over the past year, with KovCoreG instead relying on social engineering techniques - in this case, a scam posing as a security alert.

According to cybersecurity company Proofpoint, the hackers' attack may have "exposed millions of potential victims in the US, Canada, the United Kingdom, and Australia", using fake updates, which "could just as easily have been ransomware, an information stealer, or any other malware". "Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale", Proofpoint warns.

Related Articles

  • Changes in Signals Identified: Spirit Realty Capital, Inc. (SRC), Avnet, Inc. (AVT)

    Investors might also notice that three month ago the Buy recommendations (0) were less than Sell recommendations (0). Several other hedge funds and other institutional investors also recently made changes to their positions in SRC .
    Scotia Capital Inc. Sells 10489 Shares of Kinder Morgan, Inc. (KMI)

    Scotia Capital Inc. Sells 10489 Shares of Kinder Morgan, Inc. (KMI)

    Cibc Asset accumulated 196,617 shares or 0.03% of the stock. 599,821 are owned by Pacific Ridge Cap Partners Limited Liability. Several other large investors also recently bought and sold shares of KMI. 75 funds opened positions while 303 raised stakes.
    United States  rules out negotiated Daesh withdrawal from Syria's Raqqa

    United States rules out negotiated Daesh withdrawal from Syria's Raqqa

    But the coalition would not support any negotiated withdrawal of fighters, he said. Dillon says up to 15 militants have surrendered in the past three weeks in Raqqa.
  • Analyst Recommendations And Revisions: Fidelity National Financial, Inc. (FNF)

    The New York-based Wellington Shields Capital Mngmt Limited has invested 0.25% in FNF Group of Fidelity National Financial, Inc . Two equities research analysts have rated the stock with a hold rating and four have given a buy rating to the company's stock.
    Pizza Hut's new 'pizza parka' will insulate you like a fresh pie

    Pizza Hut's new 'pizza parka' will insulate you like a fresh pie

    The restaurant chain said it has spent more than two years looking at ways to ideal the design. In addition, the new box will come with a new tray for the pizza to sit on.
    State gets Real ID grace period from feds

    State gets Real ID grace period from feds

    Real ID is a federal law, first approved in 2005, to set minimum security standards for federally acceptable identification. Several of the 9/11 hijackers had obtained state-issued driver's licenses in the months leading up to the attack.
  • Adrian Peterson adds yards after contact to Cardinals offense

    Adrian Peterson adds yards after contact to Cardinals offense

    The Cardinals undoubtedly are under no illusions that Adrian Peterson is the running back he was in his prime. He signed with the Saints this offseason as the next chapter in his career as a 32-year-old.

    Analyst Commentary On AMC Entertainment Holdings, Inc. (AMC), Cambrex Corporation (CBM)

    AMC Entertainment Holdings, Inc . shares increased 3.4 percent over the past week and rose 10.14 percent over the previous month. Finally, Janus Capital Management LLC grew its holdings in shares of AMC Entertainment Holdings by 0.3% in the first quarter.
    '13 Reasons Why' Season 2 Shuts Down Production Due to California Wildfires

    '13 Reasons Why' Season 2 Shuts Down Production Due to California Wildfires

    Many members of the cast and crew who now live in the region during filming have been flown home as a courtesy . There are more people there in need of help than can even be expressed in words.
  • Costco Wholesale Corporation (COST) -4.93% away from 20 SMA

    Costco Wholesale Corporation (COST) -4.93% away from 20 SMA

    Costco Wholesale Corporation (NASDAQ: COST ) shares have been on a recent steady downtrend, causing some worry for shareholders. Alliancebernstein L.P. increased its holdings in shares of Costco Wholesale Corporation by 4.1% in the 1st quarter.

    Archer-Daniels-Midland Company (ADM) Given Average Rating of "Hold" by Brokerages

    At present, 0 analysts recommended Holding these shares while 0 recommended sell, according to FactSet data. BMO Capital Markets downgraded the shares of ADM in report on Friday, January 6 to "Market Perform" rating.
    Conservative Groups To 'Failure' McConnell: Step Down As GOP Leader

    Conservative Groups To 'Failure' McConnell: Step Down As GOP Leader

    Ryan Bounds, on the other hand, has been blocked by both OR senators, who claim that Trump didn't consult with them on the choice. Republicans have full control of the federal government, but they failed to deliver any of their promises.