UK singles looking for love could be the latest victims of a malware breach on popular dating site, Match.com, which boasts millions of users worldwide.
Visitors to the site are at risk from malware which could steal personal information, send spam emails and operate silently within their devices without their consent, claimed security research group Malwarebytes, who reported the attack to Match.com last night.
A spokesperson for Match.com said: “We take the security of our members very seriously indeed. We are currently investigating this alleged issue.”
How does the alleged match.com malware work?
The breach is believed to involve shortened Google URLs, which the hacking team use to install an Angler exploit kit to plant Bedep ad fraud Trojans through adverts on the site.
Once a computer is infected with a Bedep Trojan, it will make a high volume of requests to rogue advertising networks. These networks eventually take users to a host, which will redirect them to another exploit kit, which re-infects the system with malware.
This virus-like network spreads, unbeknown to the Match.com profile user, or owner of the computer or device. The revelations will be detailed in a blog post by Malwarebytes this evening.
Website visitors are also at risk from CryptoWall ransomware - a sophisticated Trojan that will encrypt files on a user’s computer and hold them ransom, according to Malwarebytes. CryptoWall passes users to a site where users can pay for files on their computer to be decrypted. Users can be told to pay $500 in order to free files on their computer.
Those looking for love with outdated browsing software or a plugin such as Flash, Silverlight, Reader, Java on their computers do not even have to click on one of the fraudulent ads on the network. The malware simply silently loads, locks files on the computer and a few minutes later a message demanding the ransom is sent, Malwarebytes explained.
It's thought that Match.com has 27.3 million site visitors worldwide every month, according to SimilarWeb, and around seven percent (5.5 million) of these are based in the UK. Match.com was unable to confirm these numbers.
The malvertising campaign was live on the site when Malwarebytes shared information about the attack with Techworld.
It's likely that Match.com will explore the idea of disabling UK adverts as a precautionary measure.
Around this time last year, Dell Secureworks estimated that CryptoWall ransom Trojan had infected 625,000 systems.
Jérôme Segura, senior security sesearcher at Malwarebytes, said: “The cost per thousand impressions (CPM) for the booby trapped ad was only 36 cents, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $5oo per victim.
“We alerted Match.com and the related advertisers but the malvertising campaign is still ongoing via other routes.”
The attack follows the now infamous Ashley Madison hacking saga, which saw 37 million adulterers' personal information leaked online.
The adultery website, whose tagline is “Life is short. Have an affair,” is owned by Avid Life Media, responsible for Established Men, Swappernet (a swingers' site) and The Big and the Beautiful (a site for larger singles).
One document leaked by The Impact Team included the website’s source code, which reveals interactions between users. Upon analysis, the code made clear that Ashley Madison’s developers had created fake female profiles - or bots - to interact and entice men into paying to use the service.
Additional reporting by Sam Shead.