PRIVACY

Visitors To Major ‘Fappening’ Forum Exposed to Malware

And just after users' personal details were exposed in a hack

(Illustration: Diana Quach)
Apr 19, 2016 at 2:28 PM ET

Masturbators with a penchant for revenge porn may be in for a taste of their own medicine. According to analysis from security researchers at Malwarebytes Labs, thefappening.so, one of the most popular sites hosting images from 2014’s “the fappening,” appears to have a malware problem.

The site is a legacy of an incident in 2014 in which untold numbers of individuals excitedly shared nude photos of female celebrities, most of which had been hacked from their iCloud accounts. Earlier this year, Ryan Collins pleaded guilty to a hack matching the description of the fappening—though the Department of Justice refused to explicitly confirm his role, if any, in the celebrity hack. Collins faces a recommended 18 months in prison.

This isn’t the first bad news for thefappening.so visitors. In December, the site was hit with a major data breach. According to security researcher Troy Hunt, some 179,000 accounts were exposed, revealing names, emails, gender, and date of birth of those masturbators. Hunt indicated some government employees even used their government email addresses to register.

Now, the popular site, devoted to sharing intimate photos of women without their consent, has been hosting “malvertisements,” researchers say—meaning malware, such as ransomware or a virus, is hidden as an ad on the site, and can hijack a phone and demand its owner pay a fee before it’s useable again.

According to security researcher Chris Boyd, that malware is often pretty thinly veiled. Boyd noted that visitors to thefappening.so using Android devices, for instance, can be greeted with a pop-up ad inviting the user to download a program ostensibly called Porno Tube, though it’s actually a well-known trojan virus called SLocker. This is far more invasive than the simple pop-ups that plague many pornographic sites, and can encrypt a phone’s contents until its owner coughs up a fee.

Other apparent ads redirect visitors to “ransomware” sites, where users find it difficult or impossible to navigate away from the page without paying a fine. Many of these sites, which mimic official organizations, feature comically overwrought messages: The background of one such site is stamped with the U.N. logo. It accuses the user of disseminating “banned pornography,” in violation of U.S. law, and then demands a $100 iTunes gift card as restitution.

Though the researchers found most malvertisements appeared only for Android users, Boyd told Vocativ that Mac users were sometimes redirected to MacKeeper, a program which purports to optimize a user’s OS, but which is widely claimed to slow and crash some Mac computers after installation. Though MacKeeper isn’t technically malware, the company paid $2 million to users after being sued in a class-action lawsuit for false advertising.

And there may be even more malvertisements on the site. “While we haven’t yet seen anything Windows-specific, it wouldn’t be a stretch to assume they may also be out there,” Boyd added. “The adverts aren’t just mobile-centric.”

It’s unclear just how popular thefappening.so is. Some forums are still actively updated, while others have languished since the frenzy of 2014. The site’s administrators didn’t respond to Vocativ’s request for comment, and have registered the site in a way that keeps the webmaster’s identity private. Analytics sites vary wildly in their estimates of how many daily visitors the site receives, though most figure tens of thousands, if not hundreds of thousands.

thefappening.so’s administrator didn’t respond to request for comment. Perhaps his hands were busy.