Porn Site Was Exposing Potentially Tens of Millions of People to Viruses

Hackers breached RedTube, a pornographic website with about 300 million visits a month, to navigate users over to a webpage with spyware.

The source code of RedTube’s main page was modified to include a hidden piece of redirection code. That in turn led to a hacking toolkit. The exploit kit is used for stealing personal information as well as bombarding users with pop-up ads, some of them malicious.

“The code is executed inside of an iFrame, which is basically like a browser window inside of your browser window that can point to any website the attacker wants,” explained researchers at Malwarebytes, in an analysis. “In this case the iFrame is set to be completely invisible to the user.”

The existence of the iFrame in the main page source code suggests that RedTube servers were likely hacked by malicious actors who had access to the main page source code already. They simply added the malicious code and then set it loose on RedTube users.