Millions of users who visited adult website PornHub could be infected by malware after hackers infiltrated the website’s advertising supply chain. At the moment, users in the US, Canada, the UK, and Australia have been affected.

Cyber-security firm Proofpoint said in a blog post that its researchers recently detected a large-scale malvertising attack by the so-called KovCoreG group, best known for distributing Kovter ad fraud malware. The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.

With the help of malvertising, the use of online advertising to spread malware, hackers hijacked advertising platforms to deliver fake browser updates for the three most popular Windows browsers. The infection chain in this campaign appeared on PornHub and abused the Traffic Junky advertising network.

It appears that malvertising impressions are restricted by both geographical and ISP filtering. For users who pass these filters, the chain delivers a page containing heavily obfuscated JavaScript identical to that used by Neutrino and NeutrAds. The hackers used a number of filters and fingerprinting of the timezone, screen dimension, language (user/browser), history length of the current browser windows, and unique ID creation via Mumour, to target users and evade analysis.

“It should be noted that both PornHub and Traffic Junky acted swiftly to remediate this threat upon notification,” researchers added.