An extensive malvertising campaign targeted millions of Pornhub users, deceiving them into installing malware on their PCs.
The attack had been active for more than a year by the time it was uncovered, which means millions of potential victims had been exposed to malware that posed as software updates.
Approximately 26 billion users pass through the Pornhub website per year, making it the world’s largest pornography site, with users from the United States, Canada, the UK, and Australia all susceptible to malware infections.
This particular attack redirected Pornhub visitors to a website which claimed to be offering software updates for their web browser. The redirection showed users of Chrome and Firefox a fake browser update window, whereas the users of Internet Explorer and Edge saw a fake Adobe Flash plugin update.
Anyone who downloaded the ‘software update’ actually received a malicious file called Kovter, which takes over the PC and uses it to click on fake adverts.
The fake adverts then generate real money for the host sites, which are usually full of spam and with little user traffic.
Although in this instance the malware was used to generate illegal revenue, the outcome could have been much worse for users, as it could have been modified to spread ransomware, Trojans or other malware.
Pornhub has acted swiftly to remove and shut down the threat; however, it is believed that this attack vector could be live elsewhere.
Mark James, ESET IT Security Specialist, explains why a malvertising attack on a sensitive website like Pornhub is so successful, and how best to protect your PC from attacks like this.
“Malvertising relies on one thing to be successful: a large audience.
“Without this the Return on Investment (ROI) is not worth it.
“In recent years we have seen a large uptake on this type of ‘Malware’, infiltrating legitimate advertising networks to use their backbone and contacts to spread their campaign with a view of targeting as many as possible.
“When you target areas like Pornhub your chances of success may be higher; the audience is possibly less likely to have security in place as people’s perception is that it’s already a dark place to surf.
“Also, the user may be less likely to call for help and try to click through any popups or install any software themselves, not wanting others to see their browsing habits.
“The criminals are fully aware of this, after all, they need a large uptake, they need people to think on the go, click the link, install the software, and get rid of that popup as soon as possible!
“No matter what you do, or where you go on the internet you need to ensure your internet security software is fully updated and always on.
“The only time it should not be working is when you have no power to your PC.
“Make sure your Operating System is on the latest version if possible and fully patched.
“Often malware relies on vulnerabilities or exploiting software that may already be patched to gain entry into your system, and making sure your systems are fully up-to-date removes this attack vector.”
Should you expect a level of risk when browsing websites that are perceived to be ‘darker’ places? Let us know on Twitter @ESETUK.