Saturday, 21 October 2017
Latest news
Main » Cyber Honey Trap: Hackers Hit PornHub Users With Malvertising Attack

Cyber Honey Trap: Hackers Hit PornHub Users With Malvertising Attack

11 October 2017

The attack apparently had been active for over a year and "exposed millions of potential victims in the US, Canada, the United Kingdom, and Australia", according to Proofpoint, a security company cited by the Guardian.

Epstein stated that very few hacking groups have the capability of infiltrating advertising networks, especially one that operates on one of the world's most visited website.

In this case, the malicious ads determined which browser the user was running, and then displayed different scam pages to different users. The ads would tell users they needed to apply a critical update so that the users, thinking it was an actual message from their browser, would run the malware and infect themselves. If downloaded and activated by users, the software infected their computers with Kovter - a program that hijacks a computer and uses it to generate clicks on fake ads which generate money for the websites they're hosted on. The downloadable files were JavaScript (Chrome, Firefox) or HTA (IE, Edge) files that installed Kovter. The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.

More news: Coroner's service says three bodies were found after fire in Nanaimo, BC

It appears that malvertising impressions are restricted by both geographical and ISP filtering. "The issue being that there are insufficient controls to place an advert with an ad network, making it far easier to get a malicious app accepted by an official app store". Epstein also commended the website and advertising network for their incredibly swift response following the notification from Proofpoint.

"This discovery underscores that threat actors follow the money and continue to ideal combinations of social engineering, targeting, and pre-filtering to infect new victims".

"Once again, we see actors exploiting the human factor even as they adapt tools and approaches to a landscape in which traditional exploit kit attacks are less effective".

More news: Victor Garber Exits CW Drama Series in Preparation for HELLO, DOLLY!

Despite the fact that this attack was limited to click fraud, Proofpoint experts warned that an attack of this kind can easily be modified to become a ransomware or data theft Trojan attack.

"This discovery underscores that threat actors follow the money and continue to flawless combinations of social engineering, targeting, and pre-filtering to infect new victims at scale", Epstein stated.

More news: Developer Shows Off iOS Phishing Attack That Is Very Convincing

Cyber Honey Trap: Hackers Hit PornHub Users With Malvertising Attack