Porn sites always feel a little bit sketchy, even if it’s only because of their illicit societal status. But two popular ones, PornHub and YouPorn, were a little bit more on the shady side this weekend while they were inadvertently spreading malware through third-party ads.
ITPro reports that hackers were able to sneak malware into the ExoClick ad network used by PornHub and YouPorn, which are both published by MindGeek. The “malvertising” attack meant that banner ads on the two sites were contaminated. MindGeek and ExoClick quickly removed the malicious “cookiecheck.js” code, but the incident is an important warning. With 800 million visitors per month, you can see how an undetected attack on the two sites could cause major problems.
Security firm Malwarebytes, which first detected the situation, explained in a blog post that, “During the past several months, high profile malvertising attacks against top adult sites have been sparse. This makes what we have seen during the past couple of weeks very unusual but also impactful given the sheer volume of traffic these sites receive.”
Malware attacks can come in waves as scammers jump on a particular trend or realize that a certain type of service may be vulnerable to a particular attack. These trends can also reoccur periodically, as hackers revisit a type of attack with a modified approach. MindGeek told Malwarebytes in a statement that:
We were alerted to the presence of a malicious advertisement appearing on a select few of Pornhub’s web properties. It was quickly determined that the malware originated from a third party advertising partner, and we responded immediately to disable all advertisements associated with this third party. … MindGeek proactively audits all third party advertisements displayed on our site on a continual basis.
Since their content is so inherently, um, compelling to the people seeking it out, porn sites may not always have quite as much of an incentive to make improvements as sites that are actively wooing fans. But while porn sites sometimes feel like the dark alleys of the Internet, that doesn’t mean they can’t prioritize creating a safe browsing environment. Consumer retention is generally just as important to them as it is to any site. Just practice safe browsing, and don’t click around the ads too much.
