PornHub Visitors May Have Been Infected by Hackers

Mindy Sparks
October 11, 2017

According to the vice president of threat operations at Proofpoint, Kevin Epstein, the large scale of the KovCoreG group's malvertising attack meant that millions of users were exposed to harmful ad fraud malware.

PornHub is the 20th most-visited website in the US, according to rankings site Alexa, and the 37th most popular in the world.

The malware worked on all major browsers - Chrome, Firefox, Microsoft Edge and Internet Explorer - meaning the potential audience was in the millions. When a file was downloaded, it installed Kovter.

Apparently, the attack was active for more than a year until the ad network, Traffic Junky, whose ads were being abused, and the adult site took down the ads after being notified by Proofpoint. "For users that pass these filters, the chain delivers a page containing heavily obfuscated JavaScript identical to that used by Neutrino and NeutrAds".

Yahoo was also found to be displaying the malicious ads on its main website, but as of last week they appeared to have been removed, independent security site ExecuteMalware said.

A campaign that used online ads to place malware on the systems of millions of visitors to adult website Pornhub has been disabled, researchers said.

SECURITY FIRM Proofpoint has posted about a recent malvertising attack on top 25 website Pornhub that could have caused masturbators some sleepless nights.

"This discovery underscores that threat actors follow the money and continue to perfect combinations of social engineering, targeting, and pre-filtering to infect new victims".

Researchers said the campaign demonstrates a "dramatic decline" in the use of exploit kits over the past year, with KovCoreG instead relying on social engineering techniques - in this case, a scam posing as a security alert.

"Once again, we see actors exploiting the human factor even as they adapt tools and approaches to a landscape in which traditional exploit kit attacks are less effective".

Despite the fact that this attack was limited to click fraud, Proofpoint experts warned that an attack of this kind can easily be modified to become a ransomware or data theft Trojan attack.

According to Epstein, this only confirms that attackers will always follow the money, and to do so they will continue to create and perfect combinations of techniques involving social engineering, targeting, and pre-filtering to affect as many users as possible.
