Malware attacks Pornhub users accounts for their credentials | The Daily Dot

The latest malware hackers arent as interested in your bank information or social security number. Now, they want your PornHub login information.

A report from antivirus company Kaspersky Lab calls this malware effort credential hunting. The report says these sort of attacks doubled in numbers in 2018, affecting over 110,000 PCs around the world. The attacks can be traced to two popular sites: Pornhub and XNXX.

According to Kaspersky Lab, the malware delivers itself as a Trojan and appears to be a porn-related file. Users click on thefile and are asked to download malware disguised as a video player download or update before they can play the video for free. Then, users are taking to a website extorting them for money.

Hackers also apparently use a technique called “black SEO,” in which they look for the most-search porn tags, then tag the malware with those terms so the website containing the malware shows up at the top of a search.

A less pernicious, but still frightening, scam appears to be phishingscams through porn sites. Users might go to websites that look like popular porn sites such as PornHub or YouPorn, which then capture user’s credentials. These sites are typically sent out through spam or phishing emails, according to Kaspersky Lab.

Alternately, a user mighttry to watch a porn video,then get lured to another site that appears to be a social media network. To authenticate your age and watch the video, you have to log in to the scam social network siteand that’s when hackers allegedly capture user’s credentials. Hackers can also target payment information by directing the user to a fake payment site demanding the user pay for content before viewing.

Or users might download malware disguised as a porn-related linkand with it, botnets that track a user’s activity and steal credentials.

Then its quick cash for online criminalsthey sell user information on the dark web.

And for pretty cheap at that. The highest price for a login? Around $10.

Securelist

Hackers are also taking spam mail to the extreme. Gone are days of massobviously fakeemails offering you a million dollars to help out a prince.

In 2018, sextortion scams started to make their way into people’s inboxes, and they are downright scary.

Using information purchased on the dark web, criminals allegedly threaten to release video of users watching porn, saying they have a user’s name along with the videos they’ve been watching, claiming to have recorded the whole thing and will release the proof to all of the user’s contacts. The criminals use phone numbers, usernames, or passwords obtained on the dark web to make the threats more believableeven if the user names or passwords don’t have any connection to the porn sites in question.As ransom, they apparentlydemand bitcoin or thousands of dollars.

Securelist

The number of users being attacked with malware that hunts for their pornographic content credentials is on the rise and this means premium subscriptions are now a valuable asset for cybercriminals, Kaspersky Lab writes in the report.

Kaspersky Lab courted controversy in 2017 when the U.S. government banned the use of any of itshardware or software in civilian government agencies over concerns about its ties with the Russian government’s spy apparatus. The company denied that would assist any government with cyber espionage, according to Reuters.

H/T PC Mag

Read more: http://www.dailydot.com/

Leave a Reply

Your email address will not be published. Required fields are marked *