Back in 2016, PornHub started a bug bounty program with the idea to protect users from malvertising campaigns. The bug bounty program was meant to reward white hats between $50 and $25,000 for flaws found on its main website.
Despite its efforts against malicious advertising, the famous porn website has once again been hit by a malvertising campaign, as revealed by Proofpoint researchers. It turns out that for the past year, PornHub was hacked to deliver malvertising attacks on unsuspecting users. The payload of the operation has been revealed: the long-known Kovter malware.
How Did the Malvertising Campaign on PornHub Happen?
As is typical for this type of attack, users were lured into clicking on seemingly innocuous ads. Upon clicking the ad, however, users would either be redirected to a malicious page or prompted to install a fake Adobe Flash Player update in which the Kovter malware was hidden.
A successful infection meant that the attackers had gained full access to the hacked machines. Two of the most popular browsers were targeted – Mozilla Firefox and Google Chrome. So, if you have visited PornHub this past year using one of these two browsers, chances are you were infected.
The team behind the attacks is the KovCoreG group, known to deliver Kovter while “sitting atop the affiliate model that distributed Kovter more widely”, researchers said. The attacks, primarily built on fake browser updates for Chrome and Firefox, exposed millions of users in the U.S., Canada, the UK, and Australia. What makes things worse is the fact that the campaign has been active for over a year.
Kovter malware has been known to exploit browser updates to infect users. As we wrote in 2016, the malware family has been plaguing systems for many years and seems to be restless. Back then, a new click-ad-fraud strain of fileless Kovter was being spread via drive-by download attacks. The infection was triggered by a legitimate Mozilla Firefox browser update pack (firefox-patch.exe).
How Can Users Be Protected Against Kovter Malware?
In short, users should never trust unexpected pop-ups that prompt them to install software updates. Keep in mind that most applications, browsers included, have built-in mechanisms that download and apply updates without the need for user involvement.
As with most malware infections, being educated about the tricks employed by cybercriminals is crucial to keeping a computer safe. Lastly, employing sophisticated anti-malware software is highly advisable.