Hackers infected Pornhub users with malware in year-long attack, experts claim

Proofpoint claims to have uncovered a large scale attack
Proofpoint claims to have uncovered a large scale attack

Hackers have hijacked advertising on adult site Pornhub to infect "millions" of users with malware, cyber security experts claim.

New research by Proofpoint claims to have uncovered a large scale attack known as malvertising, which presented fake adverts for web browser updates to visitors to the site.

The cybersecurity firm said the attack was active for more than a year and exposed "millions of potential victims in the US, Canada, the UK and Australia", but has since been shut down by Pornhub.

The hack was carried out by a group known as KovCoreG, Proofpoint said, who hoped to infect users with an ad fraud malware known as Kovter.

This type of malicious software is traditionally used as a form of online advertising fraud to generate money through clicks on fake adverts.

In some cases a "clickbot" is installed which then requests and interacts with random adverts online.

In the case of Pornhub, Proofpoint said users were shown fake adverts urging them to click to download a new version or Flash update to their web browser - but would instead infect their computers.

Pornhub has not commented on the incident.

Proofpoint warned that this technique of tricking users into clicking on fake adverts and infecting themselves was effective, and had the potential to reach "millions of web surfers" if used elsewhere.

"While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware," the company said.

"Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale."