Pop-Under Malvertising Attack Hits Adult And Streaming Sites With Ransomware

Pop-up and pop-under adverts have been plaguing web users for years now, but if you’re visiting certain types of sites, they could be pretty dangerous too.

Security firm Malwarebytes has uncovered another malvertising attack, this time affecting mainly adult and video streaming sites, which infects users with ransomware via a dodgy pop-under window.

Pop-under adverts are essentially the same as Popups, expect, as the name suggests, they hide behind the main browser window until the user manually closes them. This particular attack, carried out through the PopAds advertising network, uses the Magnitude Exploit Kit to install CryptoWall on vulnerable machines running out of date versions of Adobe Flash.

Malvertising

It is important to note that the websites displaying the malicious adverts are not themselves infected, but attackers have instead been able to upload dodgy creatives to the network serving up advertising.

The attack appears to be targeting European users, with 14.3 percent of infections taking place in Spain and 11.4 percent in each of France, Netherlands and Poland. The UK does not appear to have been significantly affected.

Malwarebytes says it has informed PopAds in the hope it can shut down the campaign, but until then, it recommends users keep web plugins updated or even consider uninstalling Flash altogether.

PopAds told TechWeekEurope it had been notified of the campaign and had since blocked several accounts.

A number of Malvertising attacks have previously affected users of dating websites, social networks and even Forbes.com, leading many to question the safety of online advertising – especially those running Flash. Google Chrome now pauses Flash adverts by default, while Amazon has blocked assets powered by the much-maligned software. Some have even turned to controversial ad-blockers to protect themselves against such attacks.

Many malvertising attacks have focused on adult websites, but experts do not believe pornographic destinations are any more dangerous than other, more trusted brands.

“There’s this idea that adult sites are more dangerous to visit than “regular” sites,” Segura told TechWeekEurope last year. “I don’t believe it’s entirely true especially for the top sites because they do dedicate a lot of resources to fighting fraud and malware. Based on what we have seen in the past months as far as malvertising goes, we have seen just as many top mainstream publishers as pornographic ones.”

What do you know about Internet security? Find out with our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

15 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

15 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

16 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

18 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

21 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

21 hours ago