Over the past few months a hacker group dubbed Malsmoke has been infecting popular porn sites with malicious ads and then using them to deliver malware to victims.
According to Malwarebytes’ researchers, who have been tracking this campaign, the Malsmoke gang has managed to abuse “practically all adult ad networks”, but this is the first time when the threat actor has hit a top publisher - the group placed malicious ads on the xHamster, one of the most popular adult sites in the world.
“The redirection mechanism is more sophisticated than those used in other malvertising campaigns. There is some client-side fingerprinting and connectivity checks to avoid VPNs and proxies, only targeting legitimate IP addresses,” the researchers note.
“Malsmoke is probably the most persistent malvertising campaigns we have seen this year. Unlike other threat actors, this group has shown that it can rapidly switch ad networks to keep their business uninterrupted,” they added.