Millions of PornHub visitors ‘exposed’ to browser update malware

PornHub visitors running Windows may have fallen victim to a case of indecent exposure they weren’t bargaining for.

According to security firm Proofpoint a recent malware attack “exposed millions of potential victims in the US, Canada, the UK, and Australia.”

The security researchers say hackers were able infiltrate the adult site’s Traffic Junky-powered advertisements in order to push fake browser updates to users.

Visitors would receive legitimate-looking pop-ups claiming to offer critical browser updates, the report says (via Sky).

Related: PornHub’s visually impaired mode is no masturbation joke

PornHub patrons using Microsoft Edge, Firefox and Google Chrome received the notifications which, if actioned upon, would inject malware into their computers.

Proofpoint says the ‘malvertising attack’ was carried out by a group called KovCoreG and inserted malicious software designed with the intent of defrauding web users.

In a blog post, Proofpoint wrote: “The infection chain in this campaign appeared on PornHub (Alexa US Rank 21 and world rank 38 as of this writing) and abused the Traffic Junky advertising network. It should be noted that both PornHub and Traffic Junky acted swiftly to remediate this threat upon notification.

“The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.”

PornHub is yet to comment on the Proofpoint claims.

Do you think you may have been affected by the malvertising? Drop us a line @TrustedReviews on Twitter.