Millions Of Pornhub Users Targeted By Year Long Global Malvertising Attack

Millions Of Pornhub Users Targeted By Year Long Global Malvertising Attack

According to security firm Proofpoint which uncovered the operation, a hacker group known as KovCoreG hacked into Pornhub advertising and posted fake browser updates to induce visitors to click on them.

Instead of downloading the update, the user inadvertently installed Kovter, a variant of malware that allows hackers to track a victim's traffic and personal information.

He continued: "We are pleased that following our notification, the site and advertising network abused in this particular attack worked swiftly to remove the infected content".

According to experts from cybersecurity firm, Proofpoint, the infections that initially surfaced on PornHub's web pages came from a legitimate advertising network, Traffic Junky. For instance, Chrome and Firefox users got a fake browser update window, while IE (Internet Explorer) and Microsoft Edge users got a fake Flash update one.

The so-called malvertising campaign reportedly exposed millions of potential victims in the U.S., Canada, the United Kingdom and Australia but has since been shut down after PornHub and its ad network were notified of the activity. However, these clicks made money for criminals.

Proofpoint said the attack was carried out by a group called KovCoreG, who endeavoured to infect devices with an ad fraud malware called Kovter.

Taika Waititi has Jimmy Kimmel interview crashed by Matt Damon
Both Hemsworth and Damon were seen hours later on the red carpet for " Thor: Ragnorak". "You're not on the show", Kimmel told him. Damon has since tried to clear up the issue , sitting down with Deadline to explain his side of the story.

On this occasion, the attackers were attempting to generate money for themselves by engaging in click fraud - but it's clear that the malware could easily have been modified to spread more serious threats such as ransomware or spyware.

"This discovery underscores that threat actors follow the money and continue to ideal combinations of social engineering, targeting, and pre-filtering to infect new victims at scale", Epstein stated.

This article has been updated to include a comment from PornHub.

To stay protected against malware and malvertising, security expert Javvad Malik from the security firm AlienVault told Newsweek it's important people do not forget to not click on links in pop-ups and to stay on reputable sites. "In 2016, Google removed 12 million bad ads which, aside from malware, included illegal product promotion and misleading ads".

"There has been an upturn in the number of reputable organizations distributing malvertising", Malik says.

Mark James from the IT security company ESET also pointed out that PornHub was likely a preferred target for hackers because the website's users are less likely to have active security countermeasures in place and would probably be reluctant to seek help in order to keep their browsing history secret.

Related Articles