Cyber-criminals have been using pornography and adult content as a lure to spread malware and steal information since adult content hit the internet, but recent research shows that access to legitimate sites are also fueling a lucrative trade on the dark web.
Researchers at Kaspersky Lab examined some of the cyber-threats that the users of adult websites and applications face. As more adult content sites begin to turn into content sharing platforms where users can submit their own content, create loyal communities, and like and share content, cyber-criminals have found value in stealing and selling adult site login credentials on the dark web, putting more users at risk.
And while the outcome of said malware remains the same as in most cases of cyber-crime, victims are less likely to report the crimes to anyone because of the stigma associated with admitting to looking for or watching porn.
Kaspersky Lab researchers spotted at least 27 variations of PC malware, belonging to three infamous families, specifically designed to hunt for credentials to paid-for porn websites. Among these malware, where banking trojans that had been modified to steal adult website credentials, cyber-criminals also used phishing attacks to obtain the stolen credentials as well.
The firm's Naked Online report found that in 2017, these malicious families were seen more than 300,000 times attempting to attack more than 50,000 PCs across the world. The motivation for the stolen credential market is maybe price of legitimate services as an annual unlimited account could cost as much as US$ 119.99 (£85) or US$ 9.99 (£7) per month. The desire for anonymity could also be a driving factor as users may not want to deal with purchasing showing up on bank statements.
It's also worth noting the average list prices on the dark market for an unlimited account are usually one tenth of the official costs, a stark contrast to other services and products sold which often command a premium. In addition to the low prices, the accounts were being sold in almost unlimited numbers.
Researchers spotted more than five thousand unique sales offerings during the course of their researcher and speculated that many of the breached credentials may have come from the sites themselves.
Since 2016 more than 72 million sets of account credentials for adult content websites were stolen and later appeared online from sites including Cams.com (62.6 million), Penthouse.com (7.1 million), Stripshow (1.42 million), 380,000 of xHamster accounts, and about 791,000 from Brazzers data.
The top five most most-often sold credentials were those for accounts on Naughty America (2,575 sales offers), Brazzers (1,228 sales offers), Mofos (789 sales offers), Reality Kings (294 sales offers), and Pornhub (153 sales offers). Researchers said it's important to not view the ranking as some sort of testament to the security of the sites, but more so as a testimony to the popularity of the sites.
Despite the vast market for stolen credential, researchers warn purchasers of the stolen content put themselves at risk buying stolen credentials is illegal and it's likely the credentials will have already been blocked by the time they are purchased.
“Whatever the motives are behind the development of malware to hunt for porn-account credentials, it is obvious that users of these kinds of websites are of interest to cyber-criminals,” researchers said in the report. “This fact is further substantiated when we look at malware aimed at Android users.”
Researchers also found mobile malware is making extensive use of porn to attract users as they identified 23 families of malware using porn content to hide malicious clickers, rooting malware, and banking Trojans. The majority of the malware was targeting Android users.
Many of the malware targeted financial data, subscribed users to fake porn subscriptions, used premium SMS services, and exposed users to ransomware.
To avoid infection, researchers recommend users only use trusted websites especially when it comes to viewing adult content, avoid installing Android apps from unknown sources despite what the app promises, and use trusted security solutions.