Incident Response, Malware, TDR

Popular adult website XTube compromised, delivers malware

Visitors to popular adult website XTube are at risk of being infected with malware, according to Malwarebytes Labs.

Ultimately, visitors to XTube could be redirected to the Neutrino Exploit Kit, which Malwarebytes Labs researchers observed exploiting a Flash vulnerability, according to a Wednesday post. The malware being delivered was detected as Trojan.MSIL.ED.

As of Tuesday night, Malwarebytes Labs systems were still flagging the adult website as malicious, Jerome Segura, senior security researcher with Malwarebytes, told in a Wednesday email correspondence. He said that XTube has been made aware of the issue, but site operators have not been able to locate the problem.

“Contrary to a malvertising issue where the problem is external, XTube admins need to look at their own server to identify the issue,” Segura said. “Based on what we saw, this [is] a dynamic infection that injects [a] malicious iFrame ‘on-demand.' In other words this is not hardcoded in the page's source code, but added on the fly.”

Specifically, the community side of the website – or the user profiles portion – is affected, Segura said, but he added that other parts of the site could be impacted as well.

“We have seen server side infections before that exhibit this type of behavior and they require a thorough review of the entire system and its logs,” Segura said.

Attackers have been targeting adult websites in 2015 – at the end of January, Malwarebytes Labs researchers identified a malvertising campaign impacting adult website xHamster, and in February the security team noticed adult website RedTube spreading malware via a malicious iFrame.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.