Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world's largest adult platforms, including PornHub. The same group behind this campaign has been active for much longer and we believe is tied to previous schemes we've identified before, making it one of the most prolific tech support scam operations to date. In late January, we heard several complaints of fake Microsoft alerts and started to investigate them.

We discovered a number of decoy dating sites used by fraudulent advertisers on TrafficJunky, the advertising company for brands such as PornHub, RedTube and YouPorn owned by MindGeek. The scammers created those fake identities to redirect traffic away from the adult platforms onto pages showing bogus alerts claiming users were infected with pornographic spyware. This well-known scheme attempts to scare victims into calling so-called technicians for assistance but in fact defrauds them for hundreds of dollars. We reported our findings to MindGeek and continue to track and share new incidents as they arise. We believe this threat actor will keep on tricking new victims until fully exposed and individuals apprehended by law enforcement.

We were able to capture the malvertising redirection chain several times and the flow is almost identical. We know from our telemetry that the malicious advertiser is targeting victims from the U.S.:

1. A request is sent to the TrafficJunky ad platform.
2. An ad is served and makes a request to a decoy dating site.
3. A redirect immediately loads the browser locker.

A key part of this malvertising chain is the use of many different fake dating portals that hide the redirection mechanism for the browser locker. This sequence of events can be summarized in the traffic capture below:

This browser locker campaign started well before showing up on PornHub.com and went undetected for a long time, perhaps due to a clever typosquatting trick. In fact, we were fooled ourselves for a while before seeing what is obvious in hindsight. On May 21 2020, the threat actor registered the domain name sassysenssations[.]com, which contains a deliberate typo (two 's') to mimic sassysensations[.]com, which belongs to a legitimate business. The real domain was registered in 2014 and we even found a billboard advertisement for it tweeted out on April 26 2019, long before the scammers had registered their copycat domain.
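As an added example (not code from the original write-up), the redirection chain and the doubled-letter typosquat described above can be checked against proxy telemetry: the script parses constructed log lines, rebuilds the hop sequence from referrer links, and flags any hop that is a known-good domain with a single character repeated. The log format and the `.example` hosts are assumptions; only the two sassy* domains come from the write-up.

```python
import re
from collections import defaultdict

# Constructed sample proxy log; .example hosts are placeholders, sassy* domains are from the write-up.
SAMPLE_LOG = """\
2021-02-01T10:00:01 host=ads.trafficjunky.example referer=-
2021-02-01T10:00:02 host=dating-decoy.example referer=ads.trafficjunky.example
2021-02-01T10:00:02 host=sassysenssations.com referer=dating-decoy.example
"""
LEGIT_DOMAINS = {"sassysensations.com"}  # known-good domains to compare against
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) referer=(?P<ref>\S+)$")

def parse_log(text):
    """Return a list of (host, referer) pairs; a '-' referer is stored as None."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ref = None if m.group("ref") == "-" else m.group("ref")
            events.append((m.group("host"), ref))
    return events

def redirect_chain(events):
    """Follow referer links from the first referer-less request to rebuild the hops."""
    by_ref, roots = defaultdict(list), []
    for host, ref in events:
        (roots if ref is None else by_ref[ref]).append(host)
    chain, seen = [], set()
    cur = roots[0] if roots else None
    while cur and cur not in seen:      # the seen-set guards against referer loops
        chain.append(cur)
        seen.add(cur)
        cur = by_ref[cur][0] if by_ref.get(cur) else None
    return chain

def doubled_letter_variant(domain, legit):
    """Return the legit domain that `domain` imitates by repeating one character
    (the 'two s' trick), or None if it is not such a variant."""
    for good in legit:
        if len(domain) != len(good) + 1:
            continue
        for i in range(len(good)):
            if good[:i] + good[i] + good[i:] == domain:
                return good
    return None

def analyze(text, legit=LEGIT_DOMAINS):
    """Rebuild the chain and flag any hop that is a doubled-letter typosquat."""
    chain = redirect_chain(parse_log(text))
    return chain, {h: g for h in chain if (g := doubled_letter_variant(h, legit))}
```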