Millions of PornHub users affected by a year-long malvertising campaign

The quote “where there is pleasure there is pain” is perfectly appropriate for those who visited the pornography giant PornHub, since for the past year the site was hacked and was conducting malvertising attacks on its visitors.

So if you have been to PornHub, there is a chance that your computer has been hacked, since the malvertising campaign was dropping Kovter malware on users' PCs from seemingly harmless ads. Once users clicked on an ad, they would either be taken to a malicious site or asked to install an Adobe Flash Player update that was itself malware.

Once a device was infected, cybercriminals would gain full access to it, all without the knowledge of users. The campaign targeted users on both the Google Chrome and Firefox web browsers.

Users were redirected to these pages after clicking on malicious ads.

The culprit was Kovter

Kovter malware was first detected in 2013. The malware is equipped with powerful stealth features and is widely used for committing click fraud, while previous versions of Kovter went hand in hand with ransomware. In PornHub’s case, Kovter used hijacked computers to spam ads and generate fake clicks to make real money.

According to Proofpoint’s blog post, the campaign was launched by a group of cybercriminals going by the online handle KovCoreG and targeted millions of potential victims in Australia, Canada, the UK, and the US.

“While the payload, in this case, is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware,” Proofpoint said. “Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale.”

Although the campaign was shut down after Proofpoint security researchers alerted PornHub, the damage has already been done, since one year is more than enough time to trick visitors, especially on a pornography site that had 23 billion visitors in 2016.

Not for the first time

This is not the first time an X-rated site has been compromised to drop malware on unsuspecting users. Previously, PornHub, xHamster, DrTuber, IcePorn, Xbabe, Eroprofile, Nuvid, RedTube, and others were targeted by a sophisticated malvertising attack affecting millions of users.

As for PornHub, the website launched its first-ever bug bounty program and vowed to pay $25,000 to anyone who could identify critical security flaws in its infrastructure. However, a teen hacker claimed to have hacked the site two days after the bug bounty program was launched and to have sold its data for $1000, but PornHub denied it ever happened and labeled it a hoax.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.