PornHub Visitors May Have Been Infected by Hackers

PornHub Visitors May Have Been Infected by Hackers

By the time the attack was uncovered, it had been active "for more than a year", Proofpoint said, having already "exposed millions of potential victims in the US, Canada, the United Kingdom, and Australia" to malware by pretending to be software updates to popular browsers.

Different variations were used with Chrome, Firefox and Internet Explorer to trick the user to download the update.

"Once users clicked on what they thought was an update file, they may not have even noticed a change in their systems as the malware opened an invisible web browser process, clicked on ads, and generated potential revenue for cybercriminals", stated Proofpoint vice president of operations Kevin Epstein.

Pornhub is a popular site that sits comfortably at number 21 on Alexa's USA website rankings.

The files downloaded Kovter, which can be used to run various kinds of malicious code, including ransomware and information-stealers. The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.

"The chain begins with a malicious redirect hosted on avertizingms [.] com, which inserts a call hosted behind KeyCDN, a major content delivery network", Proofpoint writes.

Pornhub hacked: Millions exposed to ad fraud malware masquerading as browser updates
PornHub Visitors May Have Been Infected by Hackers

It appears that malvertising impressions are restricted by both geographical and ISP filtering.

However, the malicious ads have now been removed by both the ad network and the adult website. Epstein also commended the website and advertising network for their incredibly swift response following the notification from Proofpoint.

Commenting on the PornHub malware in an email to Newsweek, Javvad Malik from the security firm AlienVault, said: "Malvertising campaigns are a favoured avenue for many attackers".

"This discovery underscores that threat actors follow the money and continue to ideal combinations of social engineering, targeting, and pre-filtering to infect new victims".

Researchers said the campaign demonstrates a "dramatic decline" in the use of exploit kits over the past year, with KovCoreG instead relying on social engineering techniques - in this case, a scam posing as a security alert.

According to cybersecurity company Proofpoint, the hackers' attack may have "exposed millions of potential victims in the US, Canada, the United Kingdom, and Australia", using fake updates, which "could just as easily have been ransomware, an information stealer, or any other malware". "Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale", Proofpoint warns.

Related Articles

  • Comprehensive Stock Analysis Of EOG Resources, Inc. (EOG)

    Greystone Managed Investments Inc. acquired a new position in EOG Resources during the 1st quarter worth approximately $6,656,000. It dropped, as 34 investors sold USG shares while 78 reduced holdings. 2,810 were reported by Rathbone Brothers Public Ltd Co.

    Analyst Recommendations And Revisions: Fidelity National Financial, Inc. (FNF)

    The New York-based Wellington Shields Capital Mngmt Limited has invested 0.25% in FNF Group of Fidelity National Financial, Inc . Two equities research analysts have rated the stock with a hold rating and four have given a buy rating to the company's stock.
    State gets Real ID grace period from feds

    State gets Real ID grace period from feds

    Real ID is a federal law, first approved in 2005, to set minimum security standards for federally acceptable identification. Several of the 9/11 hijackers had obtained state-issued driver's licenses in the months leading up to the attack.
  • Indian film

    Indian film "Shaadi Mein Zaroor Aana" trailer is out

    After Behen Hogi Teri and Bareilly Ki Barfi , Shaadi Mein Jaroor Aana was the third film Rajkummar shot in Lucknow. Asked if he is afraid of being typecast as a bachelor, Rao said: "I would love to play a bachelor all my life.
    Kisii building collapse kills at least seven, 30 feared trapped

    Kisii building collapse kills at least seven, 30 feared trapped

    An officer was quoted saying they have contacted the National Disaster Management Authority and Kenya Red Cross for assistance. The police also stated that search and rescue efforts will still continue to ensure anyone trapped in the building is rescued.

    Summit Securities Group LLC Reduces Stake in UnitedHealth Group Incorporated (UNH)

    Argus restated a "buy" rating and set a $170.00 target price on shares of UnitedHealth Group in a report on Monday, January 23rd. E&G Advisors Lp increased Vanguard Intl Equity Index F (VGK) stake by 19,484 shares to 61,237 valued at $3.38 million in 2017Q2.
  • United Nations pulls staff from Malawi after vampire scare

    Both belief in and a fear of witchcraft is still widespread in Malawi, which remains one of the world's poorest countries . President Peter Mutharika has promised to investigate those killings.
    NASA astronauts successfully complete second of three spacewalks for ISS maintenance

    NASA astronauts successfully complete second of three spacewalks for ISS maintenance

    The 68P will take just two orbits around Earth and dock to the station less than three-and-a-half hours later. Launched in 2001 with the rest of the robot arm, the original latches were showing their age.

    Citigroup Downgrades Rating On Axalta Coating Systems Ltd. (AXTA) To "Sell"

    BidaskClub lowered Axalta Coating Systems from a "hold" rating to a "sell" rating in a research report on Thursday, July 27th. Fairfield Bush & Communications holds 0.09% of its portfolio in Accelerate Diagnostics Inc (NASDAQ:AXDX) for 10,840 shares.
  • Adrian Peterson adds yards after contact to Cardinals offense

    Adrian Peterson adds yards after contact to Cardinals offense

    The Cardinals undoubtedly are under no illusions that Adrian Peterson is the running back he was in his prime. He signed with the Saints this offseason as the next chapter in his career as a 32-year-old.

    Changes in Signals Identified: Spirit Realty Capital, Inc. (SRC), Avnet, Inc. (AVT)

    Investors might also notice that three month ago the Buy recommendations (0) were less than Sell recommendations (0). Several other hedge funds and other institutional investors also recently made changes to their positions in SRC .
    Conservative Groups To 'Failure' McConnell: Step Down As GOP Leader

    Conservative Groups To 'Failure' McConnell: Step Down As GOP Leader

    Ryan Bounds, on the other hand, has been blocked by both OR senators, who claim that Trump didn't consult with them on the choice. Republicans have full control of the federal government, but they failed to deliver any of their promises.