Some of the biggest adult websites on the planet have been infiltrated with malware, security experts have warned. The devastating new attack has seen “practically all adult ad networks,” which serve almost all XXX-rated websites globally.
The vast new attack comes courtesy of a group that calls itself Malsmoke. For the last few months, security experts have observed the group slowly infiltrate adult websites with malicious adverts that – when clicked – redirect users to exploit kits that infect their laptop or desktop computers with malware. Until recently, the group has operated at a pretty small scale.
However, Malsmoke has seriously stepped up its presence and now operates at a level above all similar other cybercrime operations, according to cyber-security firm Malwarebytes. Malsmoke truly “hit the jackpot” when they managed to place their malware-triggering adverts on xHamster, which is one of the biggest adult video repositories online.
Not only that, but it’s one of the most popular websites on the planet – clocking up billions of visitors every single month.
As of July 2020, xHamster is the 20th most trafficked website in the world. That places it above Microsoft.com, Twitch.TV, and Ebay. Meanwhile, Netflix.com ranks at 19th worldwide. In other words, it’s really, really popular. Thankfully, not everyone who visited the website – despite scrolling past, or even clicking on the malicious advert – will have been successfully infected with malware by the team at Malsmoke.
That’s because the team was relying on vulnerabilities within Adobe Flash Player or Internet Explorer to install malware on the users’ computers. So, if you don’t have Adobe Flash Player installed on your Windows or macOS machine, you won’t be impacted – unless you use Internet Explorer to access adult websites, of course. Microsoft and Apple have both warned about the problems associated with using Adobe Flash Player, however, some websites and games still require the software to be installed.
Flash Player reaches its end-of-life at the end of this year, so we could see more criminals try to infect those still relying on the software before Adobe warns users that it will no longer be rolling out new updates, security patches and more.
When it comes to Internet Explorer, Microsoft no longer recommends its users use the unsupported web browser (which is still included with every installation of its latest Windows 10 operating system). Instead, Microsoft hopes users will move to its recently-overhauled Microsoft Edge browser, which uses the same underlying code as Google Chrome.
As Adobe Flash Player and Internet Explorer become less popular, this cyberattack – which is huge in scope – could really be considered the last hurrah to infect users with these old-school hacking tools, such as exploit kits.
Use in these methods have declined in recent years as more and more Windows and macOS users turn to modern browsers, like Safari, Chrome, Firefox and Edge, which have become increasingly tough to hack using these classic techniques.