Pornhub malvertising attack affects millions of users

Malvertising incidents are also expanding to whitelisted websites, expert warns

A large-scale malvertising attack saw millions of users of adult video website Pornhub tricked into installing malware on their computers, according to security researchers.

The campaign was active for more than a year, exposing millions of potential victims in the US, Canada, the UK, and Australia to fake software updates that actually installed malware, said IT security researchers at Proofpoint in a blog post.

The attacks were carried out by a hacking group known as KovCoreG. It is best known for distributing Kovter ad fraud malware and sitting atop the affiliate model that distributes Kovter more widely.  

Victims were shown fake notifications of updates to their Chrome or Firefox web browser or Flash. When the file was downloaded, it installed Kovter. The criminals then used the malware to generate fake clicks on adverts, and those clicks made money for them.

"The combination of large malvertising campaigns on very high-ranking websites with sophisticated social engineering schemes that convince users to infect themselves means that potential exposure to malware is quite high, reaching millions of web surfers," said the researchers. 

"Once again, we see actors exploiting the human factor even as they adapt tools and approaches to a landscape in which traditional exploit kit attacks are less effective."

While the payload here is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware. 

"Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale," they added. 

Pornhub, which has its own bug bounty programme, acted swiftly to fix the issue once Proofpoint made it aware of the problem.

Chris Olson, CEO of The Media Trust, told IT Pro that the widespread notion that malvertising is on the decline just isn't true, and that it's even extending to websites you'd be happy to visit at work. 

"In fact, malvertising incidents have more than doubled in the past three years and are increasingly found on premium websites that are typically whitelisted by enterprises for employee internet use," he said. 

"Fake virus alerts and system updates delivering malicious exploit kits are ubiquitous in today's highly complex and dynamic digital ecosystem. In order to effectively deliver malware and exploit kits, threat actors have resorted to sophisticated coding to enable advanced filtering," he added.

"There has been a surge in the detection-evading malware that only executes when conditions are favourable. Furthermore, in order to accurately target and deliver malware to specific endpoints and internet users, threat actors exploit the very technologies that website owners utilise to deliver customised and personalised content to their users."
