The second largest porn site in the world, xHamster, who accumulates a staggering half a billion hits each month has been hit by a massive malvertising campign infecting tens of thousands. Malicious ads were caught distributing the dangerous Angler Exploit Kit.

xHamster, the second largest porn site on the net has been hit my a massive malware campign, so severe that simply visiting the site could lead to your machine being infected if the PC or plugins are not up to date, according to Malwarebytes security firm.

As seen in past malware-based ad attacks, malicious actors “booby trapped” advertisements and distributed their malware throughout several real and fake ad campaigns. One advertisement, which appeared as a legitimate modeling ad, was found masking their malicious ads with Google’s URL shortener (goo.gl), masquerading the URL.

Attackers were found serving their ads through TrafficHaus, an adult ad provider. Malwarebytes contacted the ad provider and was met with a successful takedown in less than 24 hours.

Upon executing the simple ad script, the code triggered to load the URL serving up the Angler Exploit Kit, a malicious toolkit that abuses the computer through a set of vendor vulnerabilities.

To minimize malvertisers risk of detection, hackers had the redirection chain set to execute once per IP address, meaning repeat visitors were never shown the same advert or served with the infection again. Helping lower the risk of detection, alongside aiding infect a portion of the amass 514 million monthly viewers the site receives.

Additionally, before executing, the webpage will scan the victims computer for any sign of an antivirus such as Norton or Kaspersky before allowing the exploit to trigger. Again, lowering the overall possibility of detection close to zero.

“Angler EK has been one of the most active and advanced exploit kits in recent months,” Jérôme Segura, senior security researcher at Malwarebytes wrote in a blog post Monday. “As an end user, you need to ensure that your computer is fully patched and that you are using the right tools to protect your assets.”

xHamster is one of the largest adult sites on the net today, ranking among Alexa’s 67th largest site on the Internet.

This is not the first time xHamster has been hit with a massive malware campign. Back in January, the same ad network was found distributing malware to the massive adult site once again, following nearly the exact tactics the recent attack perpetrated. The two attacks are presumably related.

The company helping distribute the malicious ads has since been contacted and has halted all malicious ads on the adult site.

[Photo credit via Malwarebytes Unpacked]