Xtube visitors redirected to exploit kit landing page
Popular adult site Xtube has been compromised to redirect visitors to sites hosting an exploit kit.
“Unlike other attacks we have seen in recent times, this one does not use malicious ads (malvertising) to compromise users,” Malwarebytes researchers have noted. “Instead, it injects a malicious snippet of code directly into Xtube itself (dynamic, on-the-fly injection) with rotating domains.”
The ultimate landing page is one hosting the Neutrino exploit kit, which tries to exploit an Adobe Flash Player vulnerability in order to download and run the payload: a piece of malware detected either as a Trojan dropper or ransomware.
Unfortunately, currently only 12 of the 57 AV engines used by VirusTotal identify the fie (xtube.exe) as malware.
The site’s administrators have been notified of the compromise.