Trojans stealing porn site accounts

Porn is an inherently awkward subject: Many watch, but few will admit it. Cybercriminals exploit that to the hilt. Adult-themed scam techniques abound, from blackmail and sextortion to malware disguised as adult apps.

Our experts have found that another porn-related threat grew visibly in 2018: account hijacking on adult sites. In comparison with 2017, the number of attacked users doubled, with a total of 110,000 users targeted. The number of attacks grew even faster, almost tripling to reach 850,000.

Adult websites are often seen as a security threat, but few know that Trojans could be after their porno site accounts

Why would anyone steal your porn site account?

You might think no one has a use for your adult website account. After all, it is neither an online store, where a criminal can make purchases in your name, nor an online banking dashboard, nor an e-mail account, which could be used to take control of the rest of your accounts. However, porn-site-login-and-password hijacking continues to be a dynamically growing business.

Scammers are primarily interested in premium accounts that provide access to exclusive content. Bona fide users buy subscriptions, and it costs them a pretty penny. For example, at the time of this writing, Brazzers charges $30 monthly, $60 quarterly, or $120 annually. Scammers can make good money by stealing premium account credentials and selling them on the black market.

Banking Trojans’ naughty hobby

If you think that scammers use special programs for stealing passwords to porn site accounts, you are wrong. Attacks usually employ banking Trojans, or simply “bankers,” a type of malware that specializes in hijacking online banking or payment system accounts. Lately, these programs have been increasingly adapted to new applications. Thus, in 2018, three financial malware families, Gozi, Jimy, and Ramnit, not to mention veterans Betabot and Panda, got into porn sites.

Banking Trojans typically track the Web pages you visit to obtain your login and password. Whenever the malware detects a website of interest — in this case, an adult portal — it starts grabbing everything that you enter on the page. In other words, if you try logging in, your credentials will fall into the scammers’ hands.

How to keep your porn site account safe — and other accounts too

Adult sites may be “special” in the eyes of society, but you can use the very same tools and strategies that help you keep your account on any other website safe:

  • Do not download apps or browser extensions from untrusted sources.
  • Always check the address of the website you are about to log in to. If the URL looks fishy, don’t enter your login or password.
  • Speaking of passwords: Keep them long and complex, or the account might get stolen with no malware involved. It is best to set a different password for each website, so scammers cannot hack all of your accounts after just one Web service gets leaked. Hate memorizing so many passwords? Consider using a password manager.

  • Install a robust protection solution on your computer, capable of identifying and suppressing banking Trojans. It will prevent scammers from stealing your credentials or recording an intimate video with your webcam — even if you accidentally download a malicious file.

If you want to learn more about the threats associated with adult content and how they have evolved over the year, read our experts’ report at Securelist.com.