Threat Watch

“Malsmoke” Threat Actor Group Targets Porn Sites with Malicious Ads

Originally reported by ZDnet, Malwarebytes has released a new report detailing a recently discovered threat actor group, nicknamed “Malsmoke.”  Malsmoke has been systematically attacking “practically all adult ad networks” in order to deploy malicious ads that redirect to malicious sites hosting an exploit kit. The exploit kit then attempts to exploit vulnerabilities in Adobe Flash Player or Internet Explorer in order to install various malware including Smoke Loader and Zloader.

ANALYST NOTES

Because exploit kits specifically target Adobe Flash Player, Binary Defense recommends disabling Adobe Flash Player (which will hit end of life by the end of the year). Additionally, Binary Defense recommends replacing Internet Explorer (IE) with an updated browser and keeping up with security updates. Because of the many vulnerabilities in the browser, Microsoft has also been attempting to phase IE out and replace it with Edge.

https://www.zdnet.com/article/porn-site-users-targeted-with-malicious-ads-redirecting-to-exploit-kits-malware/