A malicious group in recent months has placed malicious ads on pornographic sites. These ads redirect users to explot kits and infect them with malware.
The group is called Malsmoke, and has carried out attacks on “almost all porn networks".
According to security company Malwarebytes, which monitors Malsmoke's attacks, most of the time, the group managed to place malicious ads on small or medium-sized pornographic portals, but recently "hit the jackpot" when it managed to add these ads to xHamster, one of the largest pornographic portals with billions of visitors every month.
Malicious ads use deceptive JavaScript για να στείλει τους χρήστες σε έναν κακόβουλο ιστότοπο που φιλοξενεί ένα exploit kit.
The exploit kit will then use vulnerabilities in Adobe Flash Player or Internet Explorer to install malware on users' computers (Smoke Loader, Raccoon StealerAnd ZLoader.).
The attacks can be seen as a last-ditch effort to infect users with old-school tools like exploit kits, the use of which has declined in recent years as modern programs tourhave become much safer.
"Despite her recommendations Microsoft and security professionals, we find that there are still many users (consumers and businesses) worldwide who have not yet switched to a modern browser,” he says Malwarebytes.
"As a result, the authors of the exploit kit are targeting vulnerabilities in Internet Explorer and Flash Player."
