Cybercriminals are tricking visitors to adult websites, including sites such as bravoporn[.]com and hamster[.]com, in malvertising attacks that redirect victims to malicious websites serving up malware.

The campaign, which is part of a larger malvertising effort dubbed “malsmoke”, has been tracked throughout 2020. The most recent efforts, researchers say, indicate a shift in strategy by the attackers: moving away from pushing victims to sites hosting exploit kits to popping up fake Java updates.

The earlier tactic had adversaries redirect site visitors to a website that would then deliver an exploit kit delivery chain (dropper, downloader and malware). However, starting in mid-October, attackers updated their exploit kits with a twist: a fake Java update was introduced, researchers said. When victims click on this “update,” it ultimately downloads Zloader, a banking malware designed to steal credentials and other private information from users of targeted financial institutions.

“While we thought the threat actor had gone silent, they simply changed tactics in order to further grow their operations,” said researchers with Malwarebytes in a Monday analysis. “Instead of targeting a small fraction of visitors to adult sites that were still running Internet Explorer, they’ve now extended their reach to all browsers.”

When clicking to play an adult video clip, a new browser window pops up with what looks like a grainy video. In the background what’s happening…
