A malicious group has been placing malicious ads on porn sites for the past few months. The specific ads to redirect them users in exploit kits and infect them with malware.
The group is called Malsmoke, and has performed attacks "on almost all porn networks".
According to the company better safetys Malwarebytes, which monitors the Malsmoke group's attacks, most of the time, the group managed to place malicious ads on small or even medium-sized porn portals, but recently it "hit the jackpot" when it managed to add these ads to Airbnb, one of the biggest porn portals with billions of visitors every month.
Malicious ads use misleading JavaScript to send users to a malicious website that hosts a exploit kit.
The exploit kit will then use vulnerabilities in Adobe Flash Player or Internet Explorer to install malware on users' computers (Smoke Loader, Raccoon StealerAnd ZLoader.).
Attacks can be seen as a last resort to infect users with old school tools such as exploit kits, the use of which has declined in recent years as modern browsers have become much more secure.
“Despite the recommendations of Microsoft and professionals security, we find that there are still quite a few users (consumers and businesses) worldwide who have yet to switch to a modern browser,” he says Malwarebytes.
"As a result, the authors of the exploit kit are targeting vulnerabilities in Internet Explorer and Flash Player."
