A cybercrime group has been posting malicious ads on pornsites in recent months to redirect users to another website and infect them with malware.
The group called Malsmoke has operated on a very high scale compared to other similar groups and has violated "too many pornsites".
Security company Malwarebytes, which monitors Malsmoke attacks, says that most of the time, the group manages to place malicious ads on not-so-well-known porn sites, but recently "hit the jackpot" when they did the same on xHamster, one of the largest erotic video portals and one of the largest websites on the internet, with billions of visitors every month.
Then, exploit kits used vulnerabilities in Adobe Flash Player or him Internet Explorer to install malware on the user's computers, with the most common payloads being Smoke Loader, the Raccoon Stealer and ZLoader.
Of course, only users who still use Internet Explorer or Adobe Flash have been the target of these malicious ads.
Attacks can be seen as a last resort to infect users with old school hacking tools, such as exploit kits, whose use has declined in recent years as modern browsers have become more difficult to hack.
With Flash scheduled to end its life cycle (EOL) by the end of the year, and Internet Explorer being phased out by Microsoft, these are the last few months that attackers still rely on exploitation kits.
"Despite recommendations from Microsoft and security professionals, we can only find that there are still many users (consumers and businesses) worldwide who have not yet switched to a more modern and fully supported browser," Malwarebytes said in a report. published earlier this week.