Researchers from Proofpoint, a cyber security research firm, have posted about a recent malvertising campaign that exposed millions of P0rn Hub users across the US, Australia and UK to malware infections.
P0rn Hub is one of the world's most visited adult websites. It ranks number 21 on Alexa's US website rankings, so its millions of US users are seen as the most exposed in this malvertising campaign, which has been active for more than a year.
According to Proofpoint, the malware campaign was conducted by a hacking group called KovCoreG, the same group responsible for distributing the Kovter ad fraud malware that was used in 2015 malicious ad campaigns.
"Proofpoint researchers recently detected a large-scale malvertising attack by the so-called KovCoreG group, best known for distributing Kovter ad fraud malware and sitting atop the affiliate model that distributes Kovter more widely," Proofpoint said.
The researchers explained that the Kovter malware is very persistent: it loads itself after every reboot of the infected host.
Kovter uses a legitimate advertising network called Traffic Junky to redirect Chrome and Firefox users to a fake browser update window. Those on Internet Explorer and Edge get a fake Flash update.
"The combination of large malvertising campaigns on very high-ranking websites with sophisticated social engineering schemes that convince users to infect themselves means that potential exposure to malware is quite high, reaching millions of website surfers," Proofpoint explained.
"Once again, we see actors exploiting the human factor even as they adapt tools and approach to a landscape in which traditional exploit kit attacks are less effective. While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware."
The researchers said both P0rn Hub and Traffic Junky "acted swiftly to remediate this threat upon notification."