Dating gets even more dangerous after PlentyOfFish suffers tainted ads
Browser vulnerabilities and unpatched Flash flaws set the stage
Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads.
Users of PlentyOfFish are targeted by an array of fake adverts via the site’s ad network (as.360yield.com). This malvertising serves up content from booby-trapped sites.
The Nuclear Exploit Kit hosted on these sites takes advantage of browser vulnerabilities and unpatched Flash flaws to push malware onto the computers of surfers, net security firm Malwarebytes warns.
Indications are that the whole campaign was ultimately geared toward slinging the Tinba banking trojan.
“To clarify, the malware hasn’t breached any of PlentyOfFish’s servers, so all user information is safe at this point,” Jérôme Segura, senior security researcher at Malwarebytes, explains. “As mentioned, it’s just the ad network being used by the site, which is serving visitors the exploit and, by association, any malware.”
“You don’t even need to click on the adverts – in fact, users are automatically targeted by using an attack that detects if your computer can be infected (via outdated software), and launches directly that way,” he added.
El Reg contacted PlentyOfFish’s PR representatives but we’ve yet to receive a reply, so it’s unclear whether or not the infection has been resolved.
PlentyOfFish attracts over 3 million users daily among a user base of 90 million, which the site claims makes it the world’s largest online dating site. The Vancouver, Canada-based operation was sold to the Match Group last month.
The attack against PlentyOfFish comes against the backdrop of the fallout from the data dump by hackers who breached cheaters’ hook-up website Ashley Madison, and the earlier attack against AdultFriendFinder. There’s nothing to link the three attacks directly; however, it’s fair to say that dating and adult hook-up websites are very much in the firing line of hackers, so extra precautions ought to be applied. ®