PornHub Malvertising Attack Exposed Millions to Ad Fraud

Proofpoint reports that a hacking group called KovCoreG placed its malvertising badness on PornHub, which could have put millions of masturbators at risk.

Having been notified of the malware activity, PornHub and Traffic Junky have now shut down this particular avenue of attack, but not before, as noted, millions of surfers had already been hit.

"Very few groups have the capability to abuse the advertising chains of some of the world's most visited websites; however, the KovCoreG group is one of them". The attack came in variations for Chrome, Firefox and Internet Explorer.

This latest attack has a potentially wide reach, considering that in 2016 alone the website received over 23 billion visits in total.

The updates in question posed as several different pieces of software, including Adobe Flash.

"Once users clicked on what they thought was an update file, they may not have even noticed a change in their systems as the malware opened an invisible web browser process, clicked on ads, and generated potential revenue for cybercriminals", explained Proofpoint VP of operations, Kevin Epstein.

"While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware", Proofpoint said.

According to the Guardian, PornHub did not comment on this development.

PornHub has not yet responded to requests for comment on the attack.

The pornographic video website has reportedly been exposed to the Kovter malware, which repeatedly clicks on advertising content in the background of an infected computer to generate ad money.

The campaign was tightly focused, with ads being displayed only to users in the United Kingdom, the US, Australia and Canada, and further limited depending upon which ISP they used, said security firm Proofpoint in an advisory. Epstein also commended the website and advertising network for their incredibly swift response following the notification from Proofpoint.

Millions of users of the world's most visited adult content site have been tricked into downloading malware onto their computers.

Of course, Kovter is active elsewhere on the net, and as Proofpoint notes: "Threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale".