LOS ANGELES — Two months after warning of a surge in malvertising fraud targeting adult websites, internet security experts have determined that the bad actors behind it have switched tactics from “exploit kit delivery” to “social engineering” via a fake Java update screen.
As XBIZ reported back in September, the criminal modality of “malvertising,” where bad actors sneak malicious code into supposedly legitimate banner ads, made a comeback this year as people spend more time online — and on adult sites.
Security firm Malwarebytes explained the initial stage of this campaign — which they dubbed “Malsmoke” — as “ads [that] redirect visitors to sites that serve malicious code.”
“When viewed with Internet Explorer or Adobe Flash, the code can exploit critical vulnerabilities in unpatched versions of Internet Explorer,” Malwarebytes initially warned.
Today, Malwarebytes announced that “starting mid-October, the threat actors behind ‘Malsmoke’ appear to have phased out the exploit kit delivery chains in favor of a social engineering scheme instead. The new campaign is tricking visitors to adult websites with a fake Java update.”
This change is significant, according to the security firm, because “it drastically increases the target audience, no longer limiting it to Internet Explorer users running outdated software.”
One of the largest adult sites targeted by the malvertising hackers, according to Malwarebytes, is xHamster.
To read an elaborate explanation of this latest modality in online fraud, visit Malwarebytes.
