Porn site xHamster hit by massive malware campaign
Adult website xHamster has once again been targeted by cybercriminals, causing tens of thousands of visitors to the site to be infected with malware.
Malicious advertisements were first spotted on xHamster by security firm Malwarebytes on 24 April, which used an exploit in the web browser Internet Explorer.
It follows a similar attack on the porn site in January, in which "booby trapped" malicious advertisements were served through ad provider TrafficHaus.
"Simply going on xHamster's website could infect a PC if the browser or one of its plugins was not up to date," said Jerome Segura, senior security researcher at Malearebytes, in a blogpost detailing the malvertising campaign.
"We notified TrafficHaus, which responded immediately to shut down the malicious ad, helping to limit the number of victims."
xHamster is one of the most popular adult sites on the internet, averaging 514 million visitors per month and featuring an Alexa ranking of 57 that lists it above other popular porn sites, including Pornhub, RedTube, YouPorn and XVideos.
Malwarebytes described the exploit kit used by cyber criminals in the latest incident as one of the "most active and advanced" in recent months.
"As an end user, you need to ensure that your computer is fully patched and that you are using the right tools to protect your assets," Segura said.
"Malwarebytes Anti-Exploit users were protected against this malvertising on xHamster, even if their computers were not patched [not recommended]. If you believe you may have been infected, feel free to run a scan with our anti-malware."
xHamster is yet to respond to a request for comment from IBTimes UK about the issue.
© Copyright IBTimes 2024. All rights reserved.