Hackers hijack PornHub ads to infect 'millions'

Criminals are attempting to infiltrate advertising networks to use the platforms to infect visitors to high-profile sites.

Wednesday 11 October 2017 00:15, UK

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration
Image: The attack was committed by a group known as KovCoreG, according to Proofpoint
Why you can trust Sky News

Visitors to adult website PornHub may have been infected by malware after hackers infiltrated the site's advertising supply chain, according to researchers.

The recent large-scale attack "exposed millions of potential victims in the US, Canada, the UK, and Australia" to malware, said experts from cybersecurity firm Proofpoint.

Known as malvertising - a portmanteau of "malicious" and "advertising" - the attack saw hackers hijack advertising platforms to deliver fake browser updates for the three most popular Windows browsers.

Because advertising inventory can appear on high-profile websites, criminals are increasingly attempting to hijack these platforms to inject malware into a large number of victims' computers.

The sophisticated filtering that ad networks offer to vendors can also be used by cyber criminals to target users running specific software containing vulnerabilities that can be exploited.

The attack affecting PornHub and its advertising network was committed by a group known as KovCoreG, said Proofpoint, which attempted to infect browsers with the Kovter ad fraud malware.

Advertising fraud is so prevalent on the internet that some advertisers only receive $0.01 for every $1 of impressions they pay for, according to independent ad fraud expert Dr Augustine Fou.

More from Science & Tech

The three KovCoreG social engineering templates we observed. Pic: Proofpoint
Image: Hackers tried to make PornHub users download fake browser updates. Pic: Proofpoint

The cyber criminals created fake advertisements that would appear as security warnings on the Chrome, Firefox and Edge web browsers - telling users they needed to apply a critical update.

The fake advertisements encouraging users to infect themselves with the Kovter malware "could just as easily have been ransomware, an information stealer, or any other malware", said Proofpoint.

"Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale," the company added.

It said that PornHub acted swiftly when notified of the malvertising to protect users.

PornHub did not immediately respond to Sky News for comment.