Posted on October 10, 2017 at 12:00 PM
Hackers Target PornHub Users Via Malicious Ad Content
The hacking group KovCoreG recently targeted millions of PornHub users worldwide.
Millions of PornHub users across the United States, Canada, United Kingdom, and Australia were recently targeted by KovCoreG, a hacking group. This group implemented malicious ad content which spread booby-trapped downloads across the world’s most visited adult website.
According to experts from cybersecurity firm, Proofpoint, the infections that initially surfaced on PornHub’s web pages came from a legitimate advertising network, Traffic Junky.
Payloads differed between users, the main factor seeming to be the user’s preferred web browser such as Google Chrome, Mozilla Firefox or Apple Safari.
This latest attack has a potentially dangerous scope, considering that over 2016 alone, the website received over 23 billion visits in total.
The KovCoreG group’s hacking campaign utilized social engineering techniques which convinced users to install malicious updates. The updates appeared as popups whenever they visited a PornHub web page. Victims of the attack believed that they were merely updating their software.
The updates in the question posed as several different software, including Adobe Flash.
Once the victim downloaded the malicious fake update, the malware would immediately infect their machine and covertly click on certain adverts to generate funds illicitly.
Despite the fact that this attack was limited to click fraud, Proofpoint experts warned that an attack of this kind can easily be modified to become a ransomware or data theft Trojan attack.
According to Proofpoint, all malicious advertisements have been removed, and they applauded both Traffic Junky as well as PornHub for their quick response time.
PornHub has not responded for commentary on the attack yet. In instances like this, it is often the advertising network that was more directly targeted, rather than the website in question.
According to the vice president of threat operations at Proofpoint, Kevin Epstein, the large scale of the KovCoreG group’s malvertising attack meant that millions of users were exposed to harmful ad fraud malware. Epstein also commended the website and advertising network for their incredibly swift response following the notification from Proofpoint.
Epstein stated that very few hacking groups have the capability of infiltrating advertising networks, especially one that operates on one of the world’s most visited website.
According to Epstein this only confirms that attackers will always follow the money, and to do so they will continue to create and perfect combinations of techniques involving social engineering, targeting, and pre-filtering to affect as many users as possible.
Adult websites have suffered several attacks before, either by their advertising networks or by specific targeting by cybercriminals.
In 2015, researchers from Malwarebytes exposed a widespread operation that affected several popular adult content websites including xHamster, RedTube, and PornHub. However, due to the sensitive nature of the content, most porn websites have above average security mechanisms.
Porn sites are also known for their incredibly quick response time on the rare occasion that malware does manage to infiltrate the site.
According to Malwarebytes CEO Marcin Kleczynski, top adult domains put a lot of resources into their security defenses to prevent any malware infiltrating the site, more so than average websites. Kleczynski also confirmed the incredibly quick response times, which he stated was significantly faster than most mainstream websites.
