Kaspersky Lab Finds Malware Targeting Online Porn Account Credentials More than Doubled in 2018

Woburn, MA – February 21, 2019 – A new report from Kaspersky Lab has observed an increase in malware stealing login credentials for premium accounts on adult websites, with around 110,000 people facing this kind of attack in 2018. This is more than double the number of people that were targeted by this threat in 2017. Researchers also observed an increase in adult website credentials for sale on dark web markets, as well as a rise in the number of malware families launching porn-related attacks.

Credential-stealing malware is typically distributed through botnets formed of repurposed banking Trojans. As cybercriminals show an increased interest in adult content websites, they are using this same method to steal credentials for premium porn accounts. In these attacks, botnets intercept victims’ internet traffic and redirect them to fake webpages that mirror an authentic adult site they are attempting to visit. The botnets can then capture the user’s credentials as they type them in to the fake site. In addition to exposing victims’ personal information, these attacks can also lead to victims being locked out of their account, for which they could be paying a yearly subscription of up to $150.

Kaspersky Lab researchers found that this threat is not only targeting an increased number of users, but it is also growing in productivity. The number of malware attacks attempting to steal porn website credentials increased almost three-fold in just a year, rising from 307,868 attack attempts in 2017 to more than 850,000 in 2018.

Furthermore, researchers have seen a rise in the number of offers related to stolen porn credentials on dark web markets. In 2018, Kaspersky Lab experts found around 10,000 unique offers for premium access credentials to porn websites, approximately double the number of offers seen in 2017. The price, however, remained the same – around five to ten dollars for each account.

“Premium access credentials to porn websites might not seem like the most obvious thing to steal,” said Oleg Kupreev, security researcher at Kaspersky Lab. “However, the fact that the number of sales offers relating to such credentials on the dark web is rising, and the increased efforts to distribute such malware, shows that this is a profitable and popular line of illegal business. Users of adult content websites should keep in mind that such malware can remain unnoticed on a victim’s device for a long time, spying on their private actions and allowing others to do the same, without logging the user out so as not to arouse their suspicion. Even those who simply visit the site but don’t have a premium account could be in danger, as they might risk exposing their private data.”

Additionally, researchers found that the number of attacks coming from phishing pages pretending to be one of the major free porn websites increased significantly in 2018. Pornhub was the most commonly copied page, with Kaspersky Lab detecting 37,144 attempts to visit phishing versions of this website, compared to just 1,161 total attempts to visit phishing versions of Youporn, Xhamster, and Xvideos.

In a statement, Pornhub said: “Although the number of phishing may seem high, it's important to note that in relation to the amount of site visits (33.5 billion visits in 2018), the percentage of phishing attempts is very small (less than .0001%). This low percentage rate can be attributed to the fact that Pornhub actively monitors and removes phishing websites and offers two-factor authentication when logging into Pornhub accounts.”

Additional key findings from Kaspersky Lab’s report include:

• Overall, fewer attacks are targeting people searching for pornography online. In 2018, 650,000 people faced attacks launched from online resources, which is 36 percent fewer than in 2017, when more than one million of these attacks were detected.
• Cybercriminals are actively using popular porn tags (such as “Pornstar” or “HD-porn”) to promote malware in search results. In 2018, 87,227 unique users downloaded malware disguised as porn.
• There is a wide variety of porn-themed malware samples, with Kaspersky Lab observing 642 families and 57 types of PC threats.
• On Android devices, 89 percent of infected files disguised as pornography turned out to be adware.

To reduce the risk of being victimized by porn-related malware, Kaspersky Lab advises the following tips for consumers:

• Pay extra attention to the authenticity of adult websites. Do not visit websites unless the URL starts with ‘https’, especially those that ask for login credentials. Type the URL of the site into your browser, rather than clicking on a link in search results or in an email.
• Use reliable security solutions that offer comprehensive protection against banking Trojans and other threats, such as Kaspersky Security Cloud.
• Never re-use the same password for several websites or services. To help you remember all of your login credentials, use dedicated password management software like Kaspersky Password Manager.

Read the full Kaspersky Lab report on threats facing users of adult websites on Securelist.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact:

Meghan Rimol

781.503.2671

meghan.rimol@kaspersky.com