A fake Java update found on various porn sites actually downloads the well-known Zloader malware.
Target On Adult Websites:
The malsmoke operators ran successful exploit kit campaigns for several months but in October decided to switch them over to a new social engineering scheme.
Attackers targeted visitors to adult websites, including sites such as bravoporn[.]com and hamster[.]com, using malicious ads that redirected users to exploit kits.
The ‘malsmoke’ campaign delivers Zloader, a variant of a banking trojan that made a comeback after an absence of almost two years and is now used as an info stealer.
Malsmoke goes for high-traffic adult portals, hoping to yield the maximum number of infections. Its new campaign tricks visitors to adult websites with a fake Java update.
Additionally, the latest domain name pornislife[.]online was registered with the same email address [email protected][.]com tied to a number of other web properties previously related to malsmoke gates.
New Social Engineering Trick:
This new scheme works across all web browsers, including Google Chrome. When a user clicks to play an adult video clip, a new browser window pops up telling them that the “Java Plug-in 8.0 was not found”.
The threat actors could have designed this fake plugin update in any shape or form. The choice of Java is a bit odd, though, considering it is not typically associated with video streaming.
Those who click and download the so-called update may not be aware of that, and that’s really all that matters.
Defend From Evolving Web Threats:
Malsmoke was one of the most noticeable distributors of malvertising and exploit kits, striking high-profile websites.
- Be careful when installing applications
- Do not click or open ads or pop-up links
- Add Malwarebytes Browser Guard extension to your browser
- Migrate to a modern and fully supported browser
Indicators Of Compromise:
Decoy adult portal: