There is no doubt that cybersecurity problems have multiplied during the coronavirus pandemic, as people are forced to stay at home. Recent reports revealed that over the past few months, a cybercriminal group called Malsmoke has been targeting users with malicious ads on adult websites in order to redirect them to exploit kits and infect them with malware.
The group behind this activity has run several similar cybercriminal operations and has abused "practically all adult ad networks." According to the cybersecurity company Malwarebytes, which has been monitoring Malsmoke's operations, the group had managed to place malicious ads on mid-tier adult websites.
More recently, the threat actors managed to sneak malicious ads, also known as malverts, onto xHamster, one of the most popular porn websites, with billions of visitors. The security company said, "We saw possibly the largest campaign to date" on this site from a malvertiser (Malsmoke).
Malsmoke: Modus Operandi
Malwarebytes said, "The first malicious advertiser we observed was able to bid for ads on a number of adult sites by targeting users running Internet Explorer without any particular geolocation restriction, although the majority of victims were in the U.S."
According to the report, the role of Malsmoke's malverts was to use JavaScript trickery to redirect the porn site's users to a malicious site hosting an exploit kit, which would then use vulnerabilities in Internet Explorer or Adobe Flash Player to install malware on the victims' systems. The payloads were Raccoon Stealer, Smoke Loader, and ZLoader.
Exploit kits, an old-school hacking tool whose usage has declined in recent years because modern browsers are difficult to hack with them, are built around vulnerabilities in Flash and IE. This has made the tool less effective, as most internet users now use Chrome and Firefox.
Malwarebytes said in its report that despite recommendations from the tech giant Microsoft and security professionals, "we can only witness that there are still a number of users (consumer and enterprise) worldwide that have yet to migrate to a modern and fully supported browser, [and] as a result, exploit kit authors are squeezing the last bit of juice from vulnerabilities in Internet Explorer and Flash Player."