Thursday, April 18, 2024

Hackers using Malware that Steal Premium Users Credentials from Pornhub, XVideos to sell it in Dark Web

New Threat report revealed that Credential stealing malware were dramatically increased in 2018 that target the adult websites premium users credentials to selling it in dark web.

These credentials are most wanted data in underground market place in Dark web where cybercriminals selling these stolen data for thousands.

It very common that pornography website is associated with malware and sophisticated cyber threats since the platform contains a high traffic rate.

For an example last year, a government employee who accessed around 9000 pornographic web pages in his workplace that leads to compromised his device and infected the entire government network.

One step ahead, malicious ads from adult website leads the victim to install the malicious applications on their devices and steal the banking related credentials.

Researchers from Kaspersky Lab discovered many of malicious samples that perform credential stealing activities from most popular pornographic websites.

Also, Researcher states that credentials to pornography website accounts are themselves quite a valuable commodity to be sold online both internet and dark web underground markets.

Some of the Facts in Last year Attack from Adult websites

Cybercriminals using a lot of technique to spreading their malware among pornography websites by promoting the porn related tags in Google search.

Kaspersky statement said The 20 most popular make up 80% of all malware disguised as porn. Overall, 87,227 unique users downloaded porn-disguised malware in 2018.

Nearly 650,000 users affected in 2018 that drops from the adult websites and most of the malware dropped intended to steal the premium porn website accounts.

Adult content websites premium accounts credentials price doubled last year and these credentials are highly demanded on the dark web underground market.

In 2018, Kaspersky Lab identified at least 642 families of PC threats disguised under one common pornography tag and 89% Android-based malware from porn website posed as adware.

In other ways, threat actors targeting users via phishing attack that posed as well known adult website such as xvideos, xnxx, pornhub where users trick to give away their information.

“According to Kaspersky research, Pornographic content phishing can also be used to install malicious software. For example, to access an alleged adult video, the phishing page requires the user to download and update a video player.”

“Whether it is worth it or not, some users agree that the price of premium accounts to popular pornography websites is rather high. For example, monthly memberships can vary from $20 to $30, and annual unlimited access costs might scale from $120 to $150. This is where cybercriminals enter the fray. kaspersky said. You can also read the detailed report here.

Awareness Tips

  • Before clicking any link, check the link address shown, even in the search results of trusted search engines. If the address was received in an e-mail, check if it is the same as the actual hyperlink.
  • Do not click on questionable websites when they are offered in search results and do not install anything that comes from them.
  • If you wish to buy a paid subscription to an adult content website – purchase it only on the official website. Double check the URL of the website and make sure it is authentic.
  • Check any email attachments with a security solution before opening them –especially from dark web entities (even if they are expected to come from an anonymous source).
  • Patch the software on your PC as soon as security updates for the latest bugs are available.
  • Do not download pirated software and other illegal content. Even if you were redirected to the webpage from a legitimate website.

Related Read

Hackers Launching Trickbot Malware That Steals VNC, PuTTY and RDP Credentials

New Unpatched macOS Flaw Allow Hackers to Spy on Safari Browser History


Latest articles

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles