Sex, Work, And Malware: Malware that steals account credentials on adult websites drastically increased in 2018

Porn Malware Spreading

The number of advertisements selling logins for hacked accounts on adult websites has doubled in 2018, according to Kaspersky Laboratory.

According to a report released today by Kaspersky Labs, the number of detections of malware strains hunting for login credentials on adult – themed websites tripled in 2018, while the number of advertisements selling access to hacked accounts on porn portals doubled.

The number of attacked users doubled in 2018, reaching more than 110,000 PCs worldwide, “said Kaspersky researchers.” The number of attacks nearly tripled to 850,000 attempts at infection. Last year, several malware families were configured to search for login credentials on adult sites, but, according to Kaspersky, the most active was the Jimmy Trojan, a lesser known family of malware, which is spread primarily via email spam.

This was somewhat surprising for researchers when compared to 2017, when three very large cybercrime operations were the most active strains – namely the banking trojans of Betabot, Neverquest and Panda.

But this wasn’t the only significant change in the harvesting of adult site logins. Another new development was that in 2018 the majority of porn login hunting malware focused on stealing credentials from just two sites – Pornhub and XNXX. This differed from last year when malware targeted more sites, such as Brazzers, Chaturbate, Pornhub, Myfreecams, Youporn, Wilshing, Motherless, XNXX and X – videos.


Source: KasperSky Lab

The reason cyber – criminal groups bothered to collect these credentials was that they were looking for premium accounts that could later be hijacked from legitimate owners and sold on underground forums and Dark Web markets.

Premium accountson adult portals can cost up to $ 30 a month or $ 150 a year, but crooks re – sell hacked accounts for only a small portion of their original price. Regardless of the account type, prices range from $ 3 to $ 9 per offer in 2017. Kaspersky said they analyzed the top 20 Dark Web markets and found more than 3,000 credential offers for websites with adult content.

The findings of the report do not shock anyone in the field of cyber security, where adult content is one of the main attractions cyber – criminal groups prefer to use to attract 

users to malicious sites or to open booby – trapped and malware – laced files.


The rest of the findings of Kaspersky are below:

Online pornography searches have become safer: In 2018, 650,000 users faced online attacks. That’s 36 percent less than when more than a million of these attacks were detected in 2017.

  • Cybercriminals use popular porn tags in search results to promote malware. Of all the malware disguised as porn, the 20 most popular make up 80 percent. Overall, in 2018, 87,227 unique users downloaded porn-disguised malware, with 8 percent using a corporate instead of a personal network.
  • In 2018, the number of attacks using malware to hunt for credentials granting access to pornography websites increased nearly three times compared to 2017, with more than 850,000 attempts to install such malware. The number of attacked users doubled, with 110,000 PCs worldwide attacked.
  • The number of unique sales offers for premium accounts on websites with adult content almost doubled to more than 10,000.
  • On Android devices, 89 percent of infected files disguised as pornography turned out to be AdWare.
Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.