PornHub users hit by sustained, targeted malvertising campaign

Millions of PornHub users in the US, UK, Canada and Australia were targeted by a malicious advertising campaign lasting for more than a year. The malvertising attack tried to trick users of the world's most popular porn site into installing fake browser updates.
Security researchers from Proofpoint found that PornHub users had been exposed to Kovter ad fraud malware for over a year. The KovCoreG group is believed to be responsible for distributing it, so if you've visited PornHub recently, it might be a good idea to check your system for signs of infection.
The malware worked on all major browsers -- Chrome, Firefox, Microsoft Edge and Internet Explorer -- meaning the potential audience was in the millions. Once the fake updates had been downloaded, malware was installed on victims' computers, where it automatically clicked on ads to generate money for its developers.
Reporting its findings, Proofpoint says:
"The combination of large malvertising campaigns on very high-ranking websites with sophisticated social engineering schemes that convince users to infect themselves means that potential exposure to malware is quite high, reaching millions of web surfers. Once again, we see actors exploiting the human factor even as they adapt tools and approaches to a landscape in which traditional exploit kit attacks are less effective. While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware. Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale."
While the infection has been removed from PornHub, the malware is now out in the wild, and it may reappear via the Traffic Junky advertising network it initially took advantage of.