Warning: This Porn Site Installs Malware On Your Device
A new and highly deceptive cyberattack is tricking users by disguising itself as popular adult websites, leading to a malicious software installation on personal computers. Security researchers have identified this campaign, which uses convincing replicas of sites like xHamster and PornHub to lure visitors. Once a user clicks, their entire screen is hijacked by a fake but realistic Windows update screen, complete with progress animations, pressuring them to install what is actually dangerous malware.
The attack, dubbed “JackFix,” merges screen hijacking methods with ClickFix strategies, presenting a full-screen “Critical Windows Security Updates” prompt. This tactic is designed to exploit the user’s psychological state, visiting such sites often creates a sense of urgency or embarrassment, making individuals more likely to follow unexpected security instructions without questioning their legitimacy.
Previously, ClickFix attacks relied on fake captchas or tech support pop-ups. Now, by using cloned adult content platforms, attackers have found a powerful new hook. The screen takeover occurs entirely within the web browser, displaying an authentic-looking update process that many would mistake for a legitimate system notification. Experts note that while the screen hijacking method in this context is novel, the underlying principle has been used in cyber scams for over fifteen years.
Staying protected is straightforward: avoid clicking on links to adult sites sent via email, messages, or pop-ups. Instead, navigate directly to trusted websites through your browser. Never copy, paste, or execute any code prompted by an attachment, link, or unexpected pop-up window.
Separately, security teams are tracking another campaign where an infostealer is delivered using a similar in-browser fake Windows update, this time abusing the Fullscreen API. In a different instance, malware like LummaC2 and Rhadamanthys is being distributed through steganography, where malicious code is hidden within the pixel data of PNG image files. Specific color channels are used to reconstruct and decrypt the harmful payload directly in the device’s memory.
While this porn-site malware is a genuine threat, a more common danger involves extortion emails. These messages falsely claim that the sender has recorded the recipient’s internet activity, including visits to adult sites, and threatens to share the footage with their contacts unless a payment is made. A recent example begins with, “About few weeks ago I have gained a full access to all devices used by you for internet browsing,” and often uses email spoofing to make it appear as if the message came from the victim’s own address.
Do not be alarmed by these extortion attempts. If a device were truly compromised, attackers would typically provide clear evidence. Never pay any ransom, click on included links, or reply to the email. The safest response is to ignore the message and delete it immediately.
(Source: Forbes)
