Jump to content

Fake Adult Sites Pushing Unwanted Extensions, Miners, and Adware


Recommended Posts

Adware, PUPs, and unwanted extensions are being promoted through sites that pretend to be adult video sites. When a visitor tries to play a video, a fake video player popup will be displayed that states you must download and install an updated media player to see the video. This "media player", though, just installs unwanted programs onto your computer or redirects you to unwanted chrome extensions.

 

These fake sites consist of autogenerated pages based on popular celebrity or adult star keywords so that they can get as many pages as possible into search engines. When a user clicks on these links and tries to play the video, they are shown a fake video player like the one below.

 

https://s7d2.turboimg.net/sp/fd61cab1dd83f4122af97ef6cceb33e2/fake-video-browser.jpg

Fake video player

 

This video player will state that there was an error playing a video and that you need to download a media player to properly watch the video. The full text of this alert is shown below.

Quote

Video Object Error: Your browser cannot display this video. Please update Media Player to watch this video.

ATTENTION:

1. Download Media Player.exe (version 10.5.8) to play video.

2. Click the Button to install missing plugin. Don't forget to run installer after download.

 

If a user clicks on the message, they will either download an adware installer or be redirected to another site pushing unwanted chrome extensions. One of the extensions being promoted contains scripts that perform in-browser mining.

 

These adware installers bundle free and legitimate programs in order to bundle their "offers" to those who install the software. For example, in one of the adware bundles I tested, it was pushing the free AIMP media player.

 

https://s7d5.turboimg.net/sp/3a3ca4025e268e934a68fc633b5718c1/adware-installer.jpg

 

Adware Installer Pushing the Free AIMP Program

 

One of the offers show when testing the adware bundle is a "Search Offer" that installs a Chrome Extension on to the computer.

 

https://s7d3.turboimg.net/sp/54090a235adad7f3272a378f79ad2f9a/search-offer.jpg

Search Offer

 

Another offer was for Avast.

https://s7d1.turboimg.net/sp/f1fe0b236765392b6c1da744d5b767b3/avast-offer.jpg

Avast Offer

 

As these sites are created only to push unwanted software on a visitor, rather than actually showing a video, they should be avoided. Even more important, if you run into a site that tells you that you need to install a piece of software to properly use it, I would instead find a site that does not require you to install software before using it.

 

As this tactic is all too often used to trick people installing malware onto their computer, it is important to recognize these types of social engineering attacks.

 

Source

 

Link to post
Share on other sites
  • Replies 1
  • Created
  • Last Reply

Top Posters In This Topic

  • steven36

    1

  • Archanus

    1

Popular Days

Top Posters In This Topic

Oh, the classic way to infest the machine jajajaja The noob (10 o 13 year old children) or the senior people (50 or 60 year old) are the best candidates for that spyware XD !!! 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...