PornHub Hijacked by Hackers in Massive Malware Campaign

Updated | Hackers have targeted adult website PornHub for more than a year in an attempt to spread malware to the porn site’s millions of users, according to new research.

Researchers at cybersecurity firm Proofpoint discovered the malware campaign in adverts appearing alongside videos on PornHub.

The so-called malvertising campaign reportedly exposed millions of potential victims in the U.S., Canada, the U.K. and Australia but has since been shut down after PornHub and its ad network were notified of the activity.

Commenting on the PornHub malware in an email to Newsweek, Javvad Malik from the security firm AlienVault, said: “Malvertising campaigns are a favoured avenue for many attackers. In 2016, Google removed 12 million bad ads which, aside from malware, included illegal product promotion and misleading ads.”

A spokesperson for PornHub told Newsweek that the website "acted swiftly" to remove the infected content and eliminate the risk to users who may be tricked into installing malicious updates.

"Pornhub's commitment to providing their viewers with an optimal online experience has made security a top priority, allowing us to respond quickly to cybercrime and safeguard our customers," says Corey Price, vice president of Pornhub.

pornhub malware hackers cybersecurity Proofpoint A sign at the PornHub booth is displayed at the 2017 AVN Adult Entertainment Expo at the Hard Rock Hotel & Casino on January 18 in Las Vegas. Ethan Miller/Getty Images

The malvertising group behind the latest campaign, nicknamed KovCoreG by the researchers, used their ads on the porn site to redirect users to a scam site that asked them to download a browser update.

Different variations were used with Chrome, Firefox and Internet Explorer to trick the user to download the update.

Instead of downloading the update, the user inadvertently installed Kovter, a variant of malware that allows hackers to track a victim's traffic and personal information. Most users may not have even noticed a change in their systems when the malware downloaded, according to the researchers.

“The combination of large malvertising campaigns on very high-ranking websites with sophisticated social engineering schemes that convince users to infect themselves means that potential exposure to malware is quite high, reaching millions of web surfers,” the researchers wrote in a report of their findings.

“While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware.”

porn database UK ISP age verification A man looks at pornography online, Hanover, Germany, 25 January 2006. JOCHEN LUEBKE/AFP/Getty Images

PornHub is the 20th most-visited website in the U.S., according to rankings site Alexa, and the 37th most popular in the world. This popularity makes it even more of a target for hackers.

Security researchers recommend web users practice safe browsing and avoid clicking on links in browser pop-ups and to stick to reputable sites in order to reduce the chance of being infected.

“There has been an upturn in the number of reputable organizations distributing malvertising,” Malik says.

“It is worth remembering that defenses will be breached periodically no matter, so it’s worth investing in threat detection controls so that any compromise can be quickly and reliably detected and thus responded to.”

This article has been updated to include a comment from PornHub.

Join the Discussion