Ad Fraud Attack - PornHub

Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine
Security researchers have worked with key stakeholders to shut down a malvertising campaign that exposed millions of PornHub users to Kovter ad fraud malware for over a year.

The KovCoreG group, well known for spreading Kovter malware globally via such tactics, tweaked its operations to use advanced filtering and social engineering rather than exploit kits, believing this to be a more certain way of infecting users.

PornHub, and its Traffic Junky network, were chosen because of the site's popularity: it is the 38th most visited site in the world, according to Proofpoint.

Filters are deployed to serve the malicious ads only to specific geographies and ISPs, with users in the UK, US, Australia and Canada targeted in this campaign. Other fingerprinting checks included time zone, screen dimension, language, and history length of current browser windows.

Those served the malicious ads were redirected to a social engineering page displaying an urgent message to install a critical update. The page shown depended on the victim’s browser.

If they clicked through, their machine was infected with Kovter, a highly persistent piece of malware which in this case was used to commit ad fraud.

“Once users clicked on what they thought was an update file, they may not have even noticed a change in their systems as the malware opened an invisible web browser process, clicked on ads, and generated potential revenue for cybercriminals,” explained Proofpoint VP of operations, Kevin Epstein.

https://www.infosecurity-magazine.com/news/pornhub-malvertising-exposed/