A massive malvertising attack is striking adult content portals, including top porn domain xHamster.com which has close to half a billion monthly visitors. The malicious advertisement was being served by TrafficHaus (it has since been removed), and was for a dating application called “Sex Messenger.” Malwarebytes Labs found that it was displayed often enough to reliably reproduce the infection—and found that this attack, like others in the same campaign, infects a user’s machine with ransomware via an exploit kit. The Malwarebytes Lab research team has detected various large malvertising attacks over the past few months, including those targeting Yahoo! and eBay UK. These all appear to be connected and pushed out by the same group of criminals.
View full story