On the heels of the Ashley Madison data leak, unsuspecting folks who plan to go online to meet that someone special this week are at risk again.
A new malvertising attack has been detected by Malwarebytes researchers, affecting the popular dating site PlentyofFish, which draws over 3 million daily users.
Those infected are receiving the Nuclear exploit kit, which can drop all sorts of attacks (such as banking Trojans) onto users’ machines. Thousands are likely infected.
“The ad network involved in the malvertising campaign (ad.360yield.com) was familiar and it turns out that we had observed it in a rare attack captured by our honeypots just one day prior,” explained Malwarebytes researcher Jerome Segura, in a blog. “The redirection chain goes through multiple hoops before reaching its final destination, the exploit kit landing page.”
He added, “Given that the time frame of both attacks and that the ad network involved is the same, chances are high that pof[dot]com dropped that Trojan as well.”
PlentyOfFish has been made aware of the issue, he said.
Using a dating site for malvertising makes a lot of sense given the large average number of daily visitors most of them have. The bigger the target audience, the bigger the payoff.
A Bromium Labs research report that analyzes the ongoing security risk of popular websites and software recently found that online advertisements with hidden malware are delivered primarily through news websites (32%) and entertainment websites (26%). Notable websites unknowingly hosting malvertising have included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.