Visitors to adult website PornHub may have been infected by malware after hackers infiltrated the site's advertising supply chain, according to researchers.

The recent large-scale attack "exposed millions of potential victims in the US, Canada, the UK, and Australia" to malware, said experts from cybersecurity firm Proofpoint.

Known as malvertising - a portmanteau of "malicious" and "advertising" - the attack saw hackers hijack advertising platforms to deliver fake browser updates for the three most popular Windows browsers.

Because advertising inventory can appear on high-profile websites, criminals are increasingly attempting to hijack these platforms to inject malware into a large number of victims' computers.

The sophisticated filtering that ad networks offer to vendors can also be used by cyber criminals to target users running specific software containing vulnerabilities that can be exploited.


The attack affecting PornHub and its advertising network was committed by a group known as KovCoreG, said Proofpoint, which attempted to infect browsers with the Kovter ad fraud malware.

Advertising fraud is so prevalent on the internet that some advertisers only receive $0.01 for every $1 of impressions they pay for, according to independent ad fraud expert Dr Augustine Fou.

Image: Hackers tried to make PornHub users download fake browser updates. Pic: Proofpoint

The cyber criminals created fake advertisements that would appear as security warnings on the Chrome, Firefox and Edge web browsers - telling users they needed to apply a critical update.

The fake advertisements encouraging users to infect themselves with the Kovter malware "could just as easily have been ransomware, an information stealer, or any other malware", said Proofpoint.

"Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting, and pre-filtering to infect new victims at scale," the company added.

It said that PornHub acted swiftly when notified of the malvertising to protect users.

PornHub did not immediately respond to Sky News for comment.