Exploit Kit Starts Pushing Malware Via Fake Adult Sites

LASER_oneXM

Spelevo exploit kit's operators have recently added a new infection vector as part of their attacks, attempting to social engineer potential targets into downloading and executing additional malware payloads from decoy adult sites.

This exploit kit was initially spotted by security researcher Kafeine back in early March 2019, and it has been used as a delivery platform for the infamous IcedID and Dridex banking trojans, as Cisco Talos found in June, and to drop Maze Ransomware payloads, as researcher nao_sec discovered.

While normally exploit kits will only redirect victims to a landing page using a traffic direction system (TDS) and hit them with an exploit designed to abuse vulnerable apps on their computer, this time the attackers behind Spelevo EK decided to include a new social engineering tactic as a backup infection vector.
 
Adult sites are like any others, just pick a reputable one LOL.
And the well-appreciated sites for malware writers to deliver their malware are wallpaper and other desktop customization sites, which often require you to install the wallpaper/screensaver/theme.