xhamster porn cyber attack malware
Porn site xHamster has been hit with a malware campaign, potentially affecting millions of users Malwarebytes

A cyberattack on a number of adult websites, including popular porn site xHamster, has been discovered by a security firm, potentially affecting millions of users. Malwarebytes previously found the 'malvertising' campaign on search engine Yahoo last month, directing users who clicked on the malicious online ads to a fraudulent page containing false accusations of criminal activity and instructions to pay a fine.

XHamster, which serves users free porn videos, as well as paid-for premium content, is one of the world's most-popular domains with close to half a billion monthly visits. According to Alexa web rankings, xHamster receives more visits than other popular porn sites, including PornHub, RedTube, YouPorn and XVideos.

The malicious advert in question was for a dating app called Sex Messenger and designed to affect users running Microsoft's web browser Internet Explorer.

"Several checks are embedded within the ad to verify that the user is genuine and is running Internet Explorer," Jerome Segura, senior security researcher at Malwarebytes, wrote in a blog post detailing the malware campaign.

"These efforts ensure that only real users will get to see the exploit kit landing page, therefore excluding honeypots and security researchers alike. It's noteworthy that those checks – which used to be done at the exploit kit landing page level – are done at the traffic redirection/malvertising stage most likely to avoid unnecessary attention and wasted traffic."

TrafficHaus, the company that served the Sex Messenger ad, was contacted by the Malwarebytes researchers and have since put an end to the malicious campaign.

Security expert Graham Cluley advised web users to use security software to avoid being affected by such attacks. Cluley said: "Take care out there folks – keep you computer protected with up-to-date security software, ensure that your operating system and applications are fully patched and consider running an ad blocker."