Millions of Pornhub users hacked by malware campaign

Pornhub hack Hackers hijacked ads with malware in year-long attack

Even hackers cannot resist the lure of Pornhub

The recent large-scale attack "exposed millions of potential victims in the US, Canada, the United Kingdom, and Australia" to malware, said experts from cybersecurity firm Proofpoint.

Security researchers have worked with key stakeholders to shut down a malvertising campaign that exposed millions of PornHub users to Kovter ad fraud malware for over a year.

The malvertising group behind the latest campaign, nicknamed KovCoreG by the researchers, used their ads on the porn site to redirect users to a scam site that asked them to download a browser update.

The users got different messages for downloading depending on their browser.

The ads, delivered via the Traffic Junky advertising network, tricked unsuspecting users of Google Chrome, Firefox and Microsoft Edge/Internet Explorer into installing bogus "critical" updates to their browsers.

The files downloaded Kovter, which can be used to run various kinds of malicious code, including ransomware and information-stealers.

Apparently, the attack was active for more than a year until the ad network, Traffic Junky, whose ads were being abused, and the adult site lowered the ads after being notified by Proofpoint.

Читайте также: Tropical Storm Ophelia Expected To Become A Hurricane

Attacks on pornography sites are particularly useful for cyber-criminals, as many users are unlikely to report issues on sites such as this as they would rather keep certain elements of their browsing habits private. They said that "malvertising impressions are restricted by both geographical and ISP filtering".

Yahoo was also found to be displaying the malicious ads on its main website,, but as of last week they appeared to have been removed, independent security site ExecuteMalware said.

Still, researchers said the results of such malware could easily have been much more catastrophic when piggybacked on one of the world's most popular websites.

"This discovery underscores that threat actors follow the money and continue to ideal combinations of social engineering, targeting, and pre-filtering to infect new victims".

A spokesperson for PornHub told Newsweek that the website "acted swiftly" to remove the infected content and eliminate the risk to users who may be tricked into installing malicious updates.

According to Epstein this only confirms that attackers will always follow the money, and to do so they will continue to create and flawless combinations of techniques involving social engineering, targeting, and pre-filtering to affect as many users as possible.

При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2017 Copyright.
Автоматизированное извлечение информации сайта запрещено.

Код для вставки в блог

Latest News