Wed, 26 Sep 2018

Pornhub users tricked in massive hacking attack

By Sheetal Sukhija, Nebraska State News
11 Oct 2017, 12:43 GMT+10

CALIFORNIA, U.S. - Millions of users of the world’s largest adult site, Pornhub, were reportedly targeted in a malvertising attack.

A security firm uncovered attempts by the hacking group KovCoreG to trick Pornhub visitors into installing malware on their PCs by presenting it as fake updates.

According to infosec firm Proofpoint, by the time the attack was uncovered, it had been active “for more than a year.”

Proofpoint has said the attack “exposed millions of potential victims in the U.S., Canada, the U.K., and Australia” to malware that pretended to be software updates to popular browsers.

According to data from ranking firm Alexa, Pornhub, which boasts of 26 billion yearly visits, and its advertising network have shut down the infection pathway.

The attack, however, is still ongoing on other sites.

In the attack, KovCoreG aimed at infecting users with an advertisement fraud malware known as Kovter. 

Security experts explained that this type of malicious software is traditionally used as a form of online advertising fraud to generate money through clicks on fake adverts.

Further, the company said that in this particular attack, visitors to Pornhub were redirected to a website which claimed to be offering a software update for their web browser, such as Chrome or Firefox, or for the Adobe Flash plugin.

Once they downloaded and opened the file, it installed Kovter, which would take over their machine and use it to click on fake adverts.

Those fake clicks then generated real money for the websites the adverts are hosted on - typically spam-filled sites no normal user would ever visit.

Proofpoint has said, “While the payload, in this case, is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware. Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale.”

Javvad Malik, security advocate at AlienVault, explained that malvertising campaigns are a popular way for malware authors to spread their infections.

He said, “In 2016, Google removed 112m bad ads which aside from malware, included illegal product promotion and misleading ads. The issue being that there are insufficient controls to place an advert with an ad network, making it far easier to get a malicious app accepted by an official app store. This has led to an upturn in the number of reputable organisations distributing malvertising.”

Meanwhile, Mark James, a security specialist at IT firm ESET, said that Pornhub was likely a preferred target for the bad actors. 

James said, “The audience is possibly less likely to have security in place or active as people’s perception is that it’s already a dark place to surf. Also, the user may be less likely to call for help and try to click through any popups or install any software themselves, not wanting others to see their browsing habits.”
