Security News > 2020 > November > Adult site users targeted with ZLoader malware via fake Java update
A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers.
Malwarebytes monitored the Malsmoke campaign all year long delivering Smoke Loader - a malware dropper - via Fallout exploit kit until its track went cold on October 18.
Malwarebytes researcher note in their report that showing a Java update as a solution for video streaming issues is a strange choice since it's typically used for other tasks.
"The threat actors could have designed this fake plugin update in any shape or form. The choice of Java is a bit odd considering it is not typically associated with video streaming. However, those who click and download the so-called update may not be aware of that, and that's really all that matters" - Malwarebytes.
Dll - downloaded an encrypted variant of ZLoader and deployed it as the final payload. The malware went silent in early 2018 but resurged in more than 100 email campaigns in six months since December 2019.