Millions of visitors to adult-video site Pornhub unwittingly downloaded malware onto their PCs in the past year, information-security firm Proofpoint reported Tuesday. The firm said that the malware disguised itself as harmless software updates and duped the users into downloading it.
Proofpoint linked the attack to a group known as KovCoreG, which had set out to infect users’ computers with Kovter, a fraudulent ad malware that hackers use to generate money through clicks on fake online ads. The malware redirected Pornhub visitors to a page that claimed to offer software updates for their Web browser or their Adobe Flash plugin. If the users clicked the links and downloaded them, the malware took over their computers and used them to click on masses of fake ads to generate money for the hackers.
By the time that security experts had uncovered Kovter, it had been active for more than a year, Proofpoint said. Pornhub has shut the malware down on its site but that the malware has migrated to other sites and remains capable of infecting.
“Malvertising” attacks such as this are an increasingly frequent threat on the Internet, warned Javvad Malik, an AlienVault security advocate. He told the Guardian that it is not easy for legitimate ad networks and app stores to screen out every fake ad or plugin from the real ones.
“There are insufficient controls to place an advert with an ad network, making it far easier to get a malicious app accepted by an official app store. This has led to an upturn in the number of reputable organisations distributing malvertising,” Malik said.