Hackers Target Premium Account Holders of Adult Sites: Report
Cybercriminals now seem to be showing an increasing tendency to attack premium account holders of adult websites in a bid to steal their credentials, as per a recent report.
The Kaspersky Lab report on threats to users of adult websites in 2018 reveals that the number of users who were attacked by hackers seeking to steal premium access login data to popular adult websites more than doubled in the span of a year. If around 50,000 premium users were attacked in 2017, the number rose to 110,000 in 2018.
The report reveals that overall more than 8,50,000 attacks were detected; the figure for 2017 was 3,07,868. The Kaspersky Lab report also pointed out that there was an increase in the number of malware families that were used to launch these attacks on porn site users. The inference is that there could be a link between the rise in the number of malware families and the increased number of attacks launched.
Kaspersky Lab experts had, in 2018, found 22 different variations of bots that were distributing five families of Banking Trojans for such attacks. The five families of Banking Trojans were- Betabot, Gozi, Panda, Jimy, and Ramnit. 2017 had seen 27 variations of bots being used, but these were used to distribute only three malware families, namely Betabot, Neverquest, and Panda.
The Kaspersky Lab report has also revealed that the login credentials that were stolen from the premium users of porn websites were put up for sale on the dark web. As per the research report, the number of unique offers for porn website premium access credentials doubled in 2018 to reach more than 10,000 (it was around 5,000 in 2017). Yet, the price remained the same – around $5-10 for each account.
Hackers always tend to choose whatever is popular on the internet. Porn definitely is very popular and hence it’s quite natural for malware authors to use porn to lure victims to malicious websites or to execute other malicious activities. Now, it’s premium accounts to porn websites that hackers seem to be more interested in. The hackers intercept users’ data traffic and redirect them to a fake webpage that would look exactly like the porn website that users would be trying to visit. The unsuspecting users would type in their login credentials, which would instantly be captured. The stolen credentials, as mentioned earlier, would then be sold on the dark web. Sometimes, cybercriminals would lock users out of their accounts also.
The malware used to launch such attacks are usually distributed through botnets, which comprise chains of malware-infected devices or systems. As already mentioned, it’s different versions of known Banking Trojans that were repurposed to carry out these attacks on premium account holders of adult websites.
The Kaspersky Lab report on threats to users of adult websites in 2018 has revealed some other findings as well. These include the following:
- Online porn searching has become safer; the number of users who were attacked in 2018 is 36% lesser than in 2017.
- Hackers now actively use popular porn tags to promote malware in search results. Consequently, in 2018, 87,227 unique users downloaded porn-disguised malware. A notable thing is that 8 percent of these users were using corporate networks to access porn.
- Compared to 2017, the number of attacks using malware to hunt for login credentials to porn websites grew almost three-fold in 2018; there were over 850,000 attempts to install such malware. The number of users attacked doubled in 2018, the figure for 2018 was 110,000 PCs across the world.
- 2018 saw the number of unique sales offers of credentials for premium accounts to porn websites getting almost doubled.
- 2018 witnessed an increase in the number of porn-themed threat samples, but in terms of variety, the year recorded a decline. Kaspersky Lab researchers identified at least 642 families of PC threats that were disguised under one common pornography tag. But coming to the malware types, these 642 families were distributed between 57 types (it was 76 in 2017).
- On Android devices, 89% of infected files disguised as pornography were Adware.
- Q4 2018, compared to Q4 2017, saw a 10-time increase in attacks coming from phishing websites pretending to be popular porn websites.
Here are some basic tips that could help users reduce the risk of infection…
- Be very careful about the websites you visit, confirm their authenticity, look for the ‘https’.
- Give importance to password management. Always have strong passwords, keep changing passwords regularly and never use same passwords for multiple services/websites.
- Always use the necessary security software; choose a reliable brand.
- If you are running a business, restrict website access, especially porn websites.
- Be careful when you are asked for banking details, card data. Always have a separate account and card for premium account-related activities.
Be wary of phishing emails, links etc.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.