Hackers 'Screw' Millions Of PornHub Users In Large-Scale Malvertising Scheme

Tyler Durden's picture

Via StockBoardAsset.com,

Proofpoint, a next-generation American cybersecurity firm, has uncovered a large-scale malvertising  campaign in adverts appearing alongside videos on PornHub (Alexa US Rank 20 and world rank 37 as of this writing).

Researchers at Proofpoint have pinpointed KovCoreG group, the hacker organization behind the “sophisticated social engineering scheme that convinced users to infect themselves” through browser updates. The report states millions of potential victims are in US, Canada, the UK, and Australia. The malvertising scheme was active for more than a year but has since been shut down after PornHub and its ad network were notified of the activity.

According to WIRED, malvertising is the latest sweet spot for cybercriminals’.

Malvertising – seeding malicious code in online advertisements to infect unsuspecting users – might be the most jarring and difficult for many Web surfers to fathom. No one expects to get infected with malware when they visit trusted sites like YouTube or Reuters – hardly the seedy sides of the Web.


Yet attackers are preying on users’ implicit trust of these sites to infect them via the third-party ad content quietly displaying on these pages and sometimes burrowing into viewers’ browsers and PCs, before they even click on anything.

As Proofpoint notes, only a handful of hacking groups have penetrated online advertising networks, nevertheless those running on major websites. Several of these groups include:  SadClowns, GooNky, VirtualDonna, and AdGholas.

In KovCoreG case,  PornHub users were redirected to a website which claimed to be offering a software update for Chrome, Firefox, and or the Adobe Flash plugin.

A user would then be tricked into downloading Kovter, a variant of malware that allows the group to track Pornhub users and personal information.

“The combination of large malvertising campaigns on very high-ranking websites with sophisticated social engineering schemes that convince users to infect themselves means that potential exposure to malware is quite high, reaching millions of web surfers”, Proofpoint researchers noted.


“While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware.”

Earlier this year, ADWEEK reports that Google blocked nearly 1.7 billion ‘bad ads’ that violated advertising policies.

The volume of ads that violate Google’s advertising policies has grown substantially.


In fact, last year Google’s systems identified and took down 1.7 billion ads across the internet—double what it did in 2015. The way Google puts it, removing that many ads manually would take a human 50 years at a rate of 1 ad per second.

So, if you visited PornHub in the last year, you might want to check out Amazon’s list of ‘virus protection’ software.

*  *  *

Bonus: America and the developed world have a porn addiction beating out The Weather Channel in Alexa website rankings…

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
yrat's picture

saw the fake firefox update ad several times... i mean... what?


was never dumb enough to click it, but was always surprised that such an oviously malicious attempt was stemming from such a major outlet.

svayambhu108's picture

> I'm fucked!

Yes, the articles says you are screwed

Manthong's picture


I don’t usually go on seedy porn sites.

But if I did, I would be sure to update my computer software from pop-ups there.

whatamaroon's picture

"usually' being the keyword..

GUS100CORRINA's picture

Hackers 'Screw' Millions Of PornHub Users In Large-Scale Malvertising Scheme

My response: ROFL!!!!!! Sinners in the hands of an ANGRY GOD!!!!

Mr Hankey's picture


GUS100CORRINA's picture

Mr. Hankey ...

Since you appear to be addicted to PORN and are a victim of the PORNHUB.COM crime, below is information that maybe of interest to you!!! It is good to know that the Europeans are behind this perversion and now we have the RED LIGHT DISTRICT online for Americans to see!

Technical details (pornhub.com)

IP address31.192.120.36




Location of IP address

Lookup information about the location associated with the IP address

Citynot provided

CountryNetherlands (NL) (99% confidence)

ContinentEurope (EU)

Time zoneEurope/Amsterdam 

Rusty Shorts's picture

Oh Gawd here we go again with this Jebus shit . Jebus loved prostitutes, go ahead GUS10000SINS, cast the first stone.

guru69's picture

what the fuck is wrong with you, racist vermin.

Tyler, throw this asshole out

whatamaroon's picture

Trust me I only clicked on PornHub once, and it was a quickie.

Al Gophilia's picture

I got a fat........... finger for my trouble.

Rusty Shorts's picture

I was 35 years old in the late '90's when the interwebs came around, that's when I discovered that I was left handed...

Sanity Bear's picture

There's always a "and then the user did something to classify himself as too stupid to live" in these scary malware stories.

Muppet's picture

@yrat  Yup, pornsite xHAMSTER popups a FireFox update/extension to stop tracking.    Like other forms of Spam, I  assume everyone (other than Boris Becker) knows not to click on such popups.  

I suppress ZH popups via FF + Ghostery but wonder how anyone can view ZH otherwise.



mkkby's picture

Firefox browser with ublock origin, noscript and disconnect cookie blocker. This kind of shit never gets thru and pages load 10x faster.

Cannot imagine there are still idiots who internet without a condom. You are bound to get aids from some digital crack whore.

BennyBoy's picture


At least use an ad blocker that works: uBlock origin and adguard are 2

AdBlockPlus lets you see ads, its a scam.

TuPhat's picture

I use adblock plus and I see no ads on ZH.  without it ZH is practically unreadable.

Mr Hankey's picture

Easy to click the wrong shit on a tiny phone screen.

DeadFred's picture

I'm not sure why anyone would watch porn on a tiny phone screen, kinda seems to defeat the purpose.

83_vf_1100_c's picture

  Because the wife would be suspicious if you drug the widescreen monitor and desktop in the can?

Nassim's picture

It is so obvious that one cannot help wondering if the browser people are in on the deal somehow.

thesonandheir's picture

So the US is near full employment while Pornhub magically gets more daily users?



dark fiber's picture

Depends on the job I guess.  Is the number of federal and state government employees rising?

MsCreant's picture

Rising? That is the point of the Porn, yes?

stormsailor's picture

there should be stiff punishment for such a dastardly deed

Son of Loki's picture

But she looked so innnocent?!

Seriously, anyone who clicks on any ad on one of those sites offering free anything (like penis enlargement or a "free" upgrade) deserves what they get.


serotonindumptruck's picture

Be careful when torrenting XXX films from The Pirate Bay.

Or any torrenting platform for that matter.

Computer virii are often concealed in porn files.

I_rikey_lice's picture

Only download torrents uploaded by VIP uploaders ( the ones with the green skulls on Pirate Bay) and you will most likely never have a problem. 

Never had a problem with any torrents of any kind.

Same thing on RARBG. Only download from reputable uploaders.

DeadFred's picture

A reputable porn uploader? ????

TemporarySecurity's picture

To get those kind of advertisements you do not need to click on anything and pop up blockers only work part of the time.  Some will also lock up various browsers where you have to close via service manager.  I have had those kind of attacks on multiple non porn sites but still shady sites.  Any idiot who clicks on anything and then accepts changes to their operating system deserve what they get. (windows 7 and 8 the OS did not actually block install for all software that is one improvement of windows 10)

guru69's picture

who knows?  You might get an enlarged penis

Cynicles II's picture

 penis enlargement you say?

Mr Hankey's picture

"Pop ups" no getting away from ' em. The jokes write themselves. 

44MagnumPrepper's picture

Perverted American Gets Perverted Justice

Son of Loki's picture

Rumor has it they already have all the personal info for 95% of general government employees, and 100% of info of SEC employees.

guru69's picture

multiple files from Bill Clinton

TheLastTrump's picture

Self righteous asshole points the finger, doesn't see the 3 fingers pointing right back at him. Typical Pharisee.


Is watching a porn video perverted? Of course not. (except 2 girls one cup, that's nasty)  Is it perverse to be a Pharisee? Why yes, yes it is.

TemporarySecurity's picture

It doesn't only happen on porn sites only, just ZeroHedge wanting to terrify it's viewers.  I have seen these kind of attacks on other sites as well.  Usually not quality sites but still legal sites.

serotonindumptruck's picture

Who the fuck pays for porn?

There's so much free stuff out there that you might as well give your subscription money to the homeless guy living in a van down by the river.

HRClinton's picture

Only those who want the illegal stuff, I'd imagine.

There's so much free stuff to enjoy for everyone else.

King of Ruperts Land's picture

You get what you pay for. If you have enough money get a gorgious wife. When that is good its the best you will ever have. Knock her up and have kids. Homemade MILF is soooo sweet.

King of Ruperts Land's picture

Ask your Daddy or Mommy about the "birds and the bees". If that doesn't do it ask a married person with kids to translate. Make sure you look up MILF. Fuck! Do I have to mansplain everything!