Threat Management, Malware, Network Security, Threat Management

xHamster targeted in another malvertising campaign

Popular adult site xHamster has been hit by another malvertising attack, and it may be part of a campaign that struck, and other sites earlier this year.

Malwarebytes said in a Thursday blog post that the xHamster attack leveraged free cloud-based platforms – Microsoft Azure, RedHat and IBM's Bluemix – and that ads were served via TrafficHaus. Users were ultimately pushed to the Angler Exploit Kit, which infected their systems with malware.

The Angler Exploit Kit has previously been observed exploiting Adobe Flash, Internet Explorer, and other vulnerabilities. Checks done at the exploit kit landing page level verify the user is genuine and running Internet Explorer to ensure "only real users will get to see the exploit kit landing page," the post said. This helps exclude honeypots and security researchers.

TrafficHaus stopped the initial attack, but days later the team observed more malvertising on xHamster where browlock, a browser-based ransomware, was distributed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.