A month ago, Malwarebytes reported that adult site RedTube had been compromised and was infecting unsuspecting visitors with malware.
That issue was swiftly fixed, but now the security firm reports another adult site, Xtube, is currently serving exploits.
While attacks of this nature usually come via malicious advertising (malvertising), in this instance the nasty snippet of code has been injected directly into Xtube itself.
Visitors get redirected to an exploit landing page via rotating domains. The payload has been identified by Malwarebyes as Trojan.MSIL.ED.
Adult sites are a fairly obvious target for these kinds of attacks due to their enduring popularity. Xtube has an estimated 25 million monthly visitors, and the site is raked 358 in the United States, and 543 globally.
If Xtube acts as swiftly as RedTube did, then this will hopefully be a short lived problem, but visitors should ensure they avoid the adult site - or use protection - until it is.