Malware spread through PornHub

One of the most popular porn sites in the world was serving malware through ads to millions of its users.

If you read the title of this article, you know we’re going to discuss an issue that may make some readers blush … yes, malware.

Earlier today, a colleague passed along an article noting that popular online pornography site PornHub was serving ads with baked-in malware that infected users’ computers by pretending to be important browser updates. The attack, reported by Proofpoint, was the work of the KovCoreG group.

You might reflexively say, This can’t harm me! or Who watches porn on the Internet? but PornHub is a very popular site, and that makes the threat relevant to more people than you might expect. According to Alexa, the site is currently ranked the twentieth most popular site in the US, and thirty-seventh in the world. Last year, a reported 92 billion videos (link is safe for work) were watched on its site.

So yeah, this could potentially be pretty big.

What can you do to protect yourself from attacks like this?

  • Just don’t click. We’ve said this many times, but it bears repeating: If you are on a site that you would not want your grandmother (or grandchildren) knowing you are on, think twice — and then think twice more — about clicking any ads or downloading anything from there.
  • If you must click, double-check every link. In this particular case, the fake updates were coming from sites that obviously had no association with browser developers.
  • Run antivirus. Good cybersecurity solutions have multilayered protection that helps users avoid cyberthreats at several points of any cyberattack.