Ouch! Porn watchers hit by login stealing malware doubled

Number of attacked users rose from around 50,000 in 2017 to 110,000 in 2018.

Update: 2019-02-22 05:56 GMT
Be it the rise of malicious apps, or the recent trend of researchers calling out these apps, or both, but it is the Play Store's reputation that is taking a hit.

The number of users attacked by malware out to steal premium access login data to popular adult websites more than doubled in a year, rising from around 50,000 users in 2017 to 110,000 users in 2018. In all, more than 850,000 attacks were detected. This growth was accompanied by more offers of stolen credential for sale on dark web markets and an increase in the number of malware families launching attacks. These and other findings are unveiled in Kaspersky Lab's report on threats to users of adult websites in 2018.

To steal the credentials to a premium account on an adult-content website, cybercriminals distribute malware through botnets: chains of ‘bots’ or devices infected with malware capable of downloading additional malware depending on the goals of the botnet master. In the case of credential stealing threats, these botnets are usually formed by versions of known Banking Trojans that were repurposed to attack users of adult websites. They intercept their victims’ data traffic and redirect them to fake web pages that mirror the authentic adult site the user is attempting to visit, capturing the credentials when the user tries to log in to their premium account. Such an approach is increasingly popular among cybercriminals and usually leads to victims’ personal information being exposed and used by criminals. In addition, a victim can sometimes find themselves locked out of accounts for which they could be paying a subscription of 150$ USD per year.

According to Kaspersky Lab’s researchers, the rising number of users facing such malware is matched by its intensified productivity. The number of porn-related attacks by these programs increased almost three-fold: from 307,868 attacks in 2017 to 850,000 in 2018. Such an increase could be linked to a rise in the number of malware families distributed by botnets to hunt for porn login credentials. In 2018, Kaspersky Lab experts uncovered 22 variations of bots distributing five families of Banking Trojans for such attacks: Betabot, Gozi, and Panda – also known to target users of popular e-commerce brands - along with Jimy, and Ramnit. The last two, like Gozi are new to porn login attacks. In 2017, 27 variations of bots distributed just three malware families, Betabot, Neverquest, and Panda.

The increase in attacks was accompanied by a rise in the number of offers related to stolen credentials on dark web markets: the research shows that in 2018 the number of unique offers for porn website premium access credentials doubled to reach more than 10,000, compared to around 5,000 in 2017. The price, however, remained the same – around 5-10$ for each account.

Tags:    

Similar News