Shady attracts shady! Lately, cybercriminals have been found manipulating adult website visitors and redirecting victims to malicious websites serving up malware.

What happened?

Researchers at Malwarebytes discovered yet another Malsmoke campaign that appears to have begun mid-October.
  • The threat actors, who have been active throughout 2020, are pushing adult site users to download a fake Java update in their malvertising attacks.
  • Sites such as bravoporn[.]com and xhamster[.]com with hundreds of millions of users are, reportedly, at the risk of downloading Zloader, a banking malware.
  • The reason to go after high traffic adult portals can be set straight; the more the visitors higher the number of infected systems.

How does it work?

The new campaign works across all major web browsers, including Google Chrome.
  • When a user clicks to play a video clip, a new browser containing a grainy video pops up. 
  • In the background, however, victims are redirected to malicious pages such as landingmonster[.]online until they land on a “decoy” porn site.
  • The movies play for a few seconds and suddenly an overlay message surfaces saying the Java Plug-in 8.0 was not found.
  • The fake Java update is, in fact, a digitally signed Microsoft installer, loaded with a number of libraries and executables—that final payload is Zloader.

Activity review of malsmoke actors

The name malsmoke campaign came from Smoke Loader malware that the group drops via the Fallout exploit kit.
  • Since the beginning of the year, malsmoke operators have been running successful exploit kit campaigns, until they decided to pick a new trick involving social engineering.
  • In September, the hacker group launched attacks on the systems of porn surfers running older versions of Adobe Flash Player and Internet Explorer, infecting most of the adult networks with malware on the web.

Stay safe

As far as web threats go, in the absence of high-value software vulnerabilities and exploits, social engineering schemes are here to stay as they are cost effective and reliable. Though a user must avoid sketchy sites or illegal movie download sites, experts advise not to proceed with suspicious links.

Cyware Publisher

Publisher

Cyware