Apparently cyber-criminals have an affinity not just for stealing credentials but more specifically for pilfering user credentials for pornography sites, according to a new report from Kaspersky Lab.
The new report found that nearly 110,000 people were attacked with credential-stealing malware specifically targeting a premium pornography account. That’s more than double the 50,000 people who faced this threat in 2017.
Researchers found that “cybercriminals are actively using popular porn-tags to promote malware in search results. The 20 most popular make up 80% of all malware disguised as porn. Overall, 87,227 unique users downloaded porn-disguised malware in 2018, with 8% of them using a corporate rather than personal network to do this.”
Last year’s credential-stealing malware attacks were most often distributed through botnets formed of repurposed banking Trojans. Attackers relied on the botnets to intercept a victim’s internal traffic and redirect them to fake adult web pages, most popularly Pornhub.
According to researchers there were more than 37,144 attempts to visit phishing versions of Pornhub, which was significantly higher than the 1,161 total attempts to visit fake versions of YouPorn, xHamster and XVideos. Because these spoofed websites look almost identical to the actual porn sites, users unsuspectingly enter their credentials.
“Although the number of phishing may seem high, it's important to note that in relation to the amount of site visits (33.5 billion visits in 2018), the percentage of phishing attempts is very small (less than .0001%). This low percentage rate can be attributed to the fact that Pornhub actively monitors and removes phishing websites and offers two-factor authentication when logging into Pornhub accounts,” Pornhub reportedly said is a statement shared with Kaspersky Lab.
Researchers found nearly a threefold increase in the number of malware attacks attempting to steal porn website credentials in 2018, up to 850,000 from 307,868 attack attempts in 2017. Not surprisingly, the rise in attacks has also resulted in a surge in the number of stolen porn credentials offered for sale on the dark web.
“Premium access credentials to porn websites might not seem like the most obvious thing to steal,” said Oleg Kupreev, security researcher at Kaspersky Lab in a press release. “However, the fact that the number of sales offers relating to such credentials on the dark web is rising, and the increased efforts to distribute such malware, shows that this is a profitable and popular line of illegal business.”