Hackers ‘Screw’ Millions of PornHub Users In Large-Scale Malvertising Scheme

Proofpoint, a next-generation American cybersecurity firm, has uncovered a large-scale malvertising campaign in adverts appearing alongside videos on PornHub (Alexa US Rank 20 and world rank 37 as of this writing).

Researchers at Proofpoint have pinpointed the KovCoreG group as the hacker organization behind the “sophisticated social engineering scheme that convinced users to infect themselves” through browser updates. The report states that millions of potential victims are in the US, Canada, the UK, and Australia. The malvertising scheme was active for more than a year but has since been shut down after PornHub and its ad network were notified of the activity.

According to WIRED, malvertising is the latest sweet spot for cybercriminals.

Malvertising – seeding malicious code in online advertisements to infect unsuspecting users – might be the most jarring and difficult for many Web surfers to fathom. No one expects to get infected with malware when they visit trusted sites like YouTube or Reuters – hardly the seedy sides of the Web. Yet attackers are preying on users’ implicit trust of these sites to infect them via the third-party ad content quietly displaying on these pages and sometimes burrowing into viewers’ browsers and PCs, before they even click on anything.

As Proofpoint notes, only a handful of hacking groups have penetrated online advertising networks, let alone those running on major websites. These groups include SadClowns, GooNky, VirtualDonna, and AdGholas.

In the KovCoreG case, PornHub users were redirected to a website that claimed to offer a software update for Chrome, Firefox, and/or the Adobe Flash plugin. A user would then be tricked into downloading Kovter, a variant of malware that allows the group to track PornHub users and personal information.

“The combination of large malvertising campaigns on very high-ranking websites with sophisticated social engineering schemes that convince users to infect themselves means that potential exposure to malware is quite high, reaching millions of web surfers”, Proofpoint researchers noted.

“While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware.”

Earlier this year, ADWEEK reported that Google blocked nearly 1.7 billion ‘bad ads’ that violated advertising policies.

The volume of ads that violate Google’s advertising policies has grown substantially. In fact, last year Google’s systems identified and took down 1.7 billion ads across the internet—double what it did in 2015. The way Google puts it, removing that many ads manually would take a human 50 years at a rate of 1 ad per second.

So, if you visited PornHub in the last year, you might want to check out Amazon’s list of ‘virus protection’ software.

**********

Bonus: America and the developed world have a porn addiction beating out The Weather Channel in Alexa website rankings…