Porn-related malware attacks decreased, but credential theft tripled

While the overall malware attacks on porn sites decreased, Premium-access credentials theft rose by 300%

Adult site users are infected with malware and their accounts are put up for sale on the dark web

According to cybersecurity researchers, porn sites and their users have always been the target for malware developers.^[1] In the past, porn-oriented sites were flooded with malware, be it data-stealers or file-locking viruses. Nevertheless, adult site authors are trying to make such domains safer, as the overall infection rate decreased by 36% – a little over a million infections in 2017 and 650,000 in 2018.

However, it seems like the new target of cybercrooks became credentials of premium members of porn sites – including Pornhub, Youporn, XVideos, and many other sites.

Cybercriminals who distribute malware and target adult site users seek to steal people's premium accounts and credential details and put them up for sale on the dark web^[2] market where the request of such data is really high, according to Kaspersky experts:^[3]

When we considered why someone would hunt for credentials to pornographic websites, we checked the underground markets (both on the dark web and on open parts of the internet) and found that credentials to pornography website accounts are themselves quite a valuable commodity to be sold online. They are for sale in their thousands.

The most popular targeted websites now are Pornhub and XNXX

In the past, crooks used to target a wide range of adult websites, including Pornhub, Youporn, Wilshing, Motherless, Brazzers, Chaturbate, Myfreecams, XNXX, and XVideos. However, now computer specialists from Kaspersky Lab discovered that cybercriminals are targeting a way smaller number of pages which includes only Pornhub and XNXX.^[4]

According to research, in 2018 around 87,000 users have been the victims of malware while browsing for adult content on the Internet. What is more interesting, 8% of these users were not using their private home network but searching for porn content by using their organization provided network!

For further information, cyber crooks used video material by placing them on malicious web pages to infect numerous adult website users as these malware-laden pages where under control of the criminals themselves. Also, these people manipulated search query results to infect a more significant number of computer users.

Trojan-Downloader is the main malware string which is used to launch attempts on adult sites

The Kaspersky Lab organization has discovered that the most common malware form distributed via adult content was the Trojan-Downloader. According to investigations, cyber crooks are very likely to use such malware as it allows to drop other dangerous computer infections also.

However, researchers from Kaspersky found out that other programs guilty for attacking adult content users were trojans, worms, computer viruses, trojan-droppers, and even adware applications. Also, the company informed users that truly the percentage of phishing attempts launched on porn sites is not that big as it might seem as Pornhub takes care of suspicious pages by itself:^[5]

Although the number of phishing may seem high, it's important to note that in relation to the amount of site visits (33.5 billion visits in 2018), the percentage of phishing attempts is very small (less than .0001%). This low percentage rate can be attributed to the fact that Pornhub actively monitors and removes phishing websites and offers two-factor authentication when logging into Pornhub accounts.

Stolen credentials are very popular on the dark web because of its low price

Talking about the sold credentials and premium accounts, crooks place them on dark web markets and sell from $3 to $10 per each. This type of information is very popular as usually premium porn website accounts cost around $20-$30 for a month which appears to be a very high price for some people:

Whether it is worth it or not, some users agree that the price of premium accounts to popular pornography websites is rather high. For example, monthly memberships can vary from $20 to $30, and annual unlimited access costs might scale from $120 to $150. This is where cybercriminals enter the fray.