14 September 2020

Malsmoke malvertising campaign targets porn site visitors, redirects users to exploit kits



Over the past few months a hacker group dubbed Malsmoke has been infecting popular porn sites with malicious ads and then using them to deliver malware to victims.

According to Malwarebytes’ researchers, who have been tracking this campaign, the Malsmoke gang has managed to abuse “practically all adult ad networks”, but this is the first time the threat actor has hit a top publisher: the group placed malicious ads on xHamster, one of the most popular adult sites in the world.

The Malsmoke attacks only target users running vulnerable versions of Internet Explorer and Adobe Flash. The malicious ads use JavaScript to redirect visitors of adult portals to malicious sites hosting an exploit kit designed to exploit the CVE-2019-0752 (Internet Explorer) and CVE-2018-15982 (Flash Player) vulnerabilities in order to install malware (such as Smoke Loader, Raccoon Stealer, and ZLoader) on victims’ machines.

“The redirection mechanism is more sophisticated than those used in other malvertising campaigns. There is some client-side fingerprinting and connectivity checks to avoid VPNs and proxies, only targeting legitimate IP addresses,” the researchers note.

“Malsmoke is probably the most persistent malvertising campaign we have seen this year. Unlike other threat actors, this group has shown that it can rapidly switch ad networks to keep their business uninterrupted,” they added.

