A hacker collective known as KovCoreG has been targeting the users of the PornHub pornography website, tricking them into downloading and installing malware on their computers.
The attack apparently had been active for over a year and “exposed millions of potential victims in the US, Canada, the UK, and Australia”, according to Proofpoint, a security company cited by the Guardian.
"While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware. Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale," Proofpoint warns.
According to the Guardian, PornHub did not comment on this development.
Mark James from the IT security company ESET also pointed out that PornHub was likely a preferred target for hackers because the website’s users are less likely to have active security countermeasures in place and would probably be reluctant to seek help in order to keep their browsing history secret.