Hackers now target porn website users, especially PornHub and XNXX users accounts and get away with their login credentials.
This kind of hacking, as per security experts, has nothing strange about it. Pornography, despite many ongoing campaigns to decrease online pornographic content and traffic, remains one of the most popular and sought-after kinds of online content. Hence, it is quite natural for cybercriminals to target porn websites and their users.
A recent report by Kaspersky Lab discusses this kind of hacking in detail. The analytical piece refers to such hackers as “credential hunters”. The report, published on February 21, 2019, notes, “A year ago, we conducted research on the malware hidden in pornography and found out that such threats are both real and effective. One of the key takeaways of last year’s report was the fact that cybercriminals not only use adult content in multiple ways – from lucrative decoys to make victims install malicious applications on their devices, to topical fraud schemes used to steal victims’ banking credentials and other personal information – but they also make money by stealing access to pornographic websites and reselling it at a cheaper price than the cost of a direct subscription.”
As per Kaspersky Lab experts, such attacks increased considerably in numbers last year. They report that compared to 2017, there was a three-fold increase in such attacks in 2018. The number of users attacked doubled and over 110,000 PCs across the world were affected. The variations of malware used for such attacks fell from 27 to 22, but the number of malware families increased from three to five. This showed that cybercriminals saw pornography credentials as valuable. The Kaspersky Lab report also says that the hunt for credentials was not too scattered. The “credential hunters” remained more focussed and seemed to prefer two porn websites, namely PornHub and XNXX. It’s bots belonging to the Jimmy malware family that were being used to target PornHub users and XNXX users.
The malware delivers itself as a Trojan, which appears to be a porn-related file. When users click on the file, they would be asked to download a video player or an update so as to enable them to play the video for free, but they would actually be downloading malware into their system. They might even be taken to a website that would attempt money extortion from the users.
Kaspersky Lab reports that such hackers sometimes use the so-called ‘black SEO’ techniques, which involves changing the malicious website content and description so as to make it appear higher up on the search results pages. But this method seems to be currently becoming less effective as a result of search engines endeavoring to fight against ‘black SEO’ activities to protect users from malicious content.
Phishing scams through porn websites are also getting popular; hackers send out phishing emails with links to websites that might look like porn websites. Hackers use this to steal login credentials. Similarly, a user who watches porn might be lured to open another site, which might appear like a social network, where the user would be asked for identity authentication to watch the adult video, saying that it can only be accessed by users who confirm that they are over 18. In addition to stealing login credentials, the hackers might even redirect the users to fake payment websites and then ask them to pay for watching the videos.
The user information that’s stolen is sold on the dark web for a very cheap price, the highest price for a login being around $10.
Sextortion scams were also rampant in 2018. Cybercriminals would use the information purchased on the dark web to identify porn watchers and then scare them, threatening to release videos of them watching porn along with their username to their contacts. They would use all the information that they got from the dark web- usernames, passwords, telephone numbers etc- to make it all seem believable, and then demand ransom, either in bitcoin or thousands of dollars.
A rather less obvious cybersecurity risk associated with online pornography is hackers being able to hit corporate networks by hacking the system/device of employees who watch porn at their workplace.
For those who consume adult content online, it’s always best to adopt best security practices, including staying safe from phishing emails/links, ensuring authenticity of adult websites for which they seek paid subscription, updating software and OS regularly, effective password management, refraining from downloading pirated/illegal content, using necessary security software etc. Similarly, organizations should have policies about employees accessing external websites and should also educate employees on all aspects of cybersecurity.