October 11, 2017 by

Massive Malvertising Campaign Affects Millions of PornHub Users

Cybersecurity researchers from industry firm Proofpoint have discovered a massive malvertising campaign that has left millions of internet users from the United States, the UK and Canada vulnerable to malware infections.

A large-scale malvertising campaign by the so-called KovCoreG group, infamous for distributing the Kovter ad fraud malware, has been up and running for over a year and continues to propagate across websites around the world. The malware campaign began its spread on PornHub, one of the world’s most popular websites. With a world ranking of 38 on Alexa and a US ranking of 21, the spread of the infection could have been a lot worse following the compromise of the Traffic Junky advertising network.

Proofpoint researchers studied the malware on multiple browsers, namely: Google Chrome, Mozilla Firefox and Microsoft Edge/Internet Explorer. The compromised advertising network redirected Firefox and Chrome users to a malicious website where visitors were met with a fake browser update window.

Researchers stated:

The chain begins with a malicious redirect hosted on avertizingms[.]com, which inserts a call hosted behind KeyCDN, a major content delivery network.

The developers of the malware used “several components including filtering and fingerprinting of the timezone, screen dimension, language (user/browser) history length of the current browser windows” and more to target vulnerable users while evading analysis.

Proofpoint researchers also revealed that a piece of JavaScript had infected Chrome users, redirecting back to a server controlled by the attackers. The mechanism prevented security researchers from deciphering the infection chain.

“This makes it extremely unlikely that the JavaScript can be run alone and provide the payload in a sandbox environment,” Proofpoint researchers explained. “This is most likely why this component of the chain has not been documented previously.”

“It should be noted that both PornHub and Traffic Junky acted swiftly to remediate this threat upon notification,” researchers added.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
