Adware, PUPs, and unwanted extensions are being promoted through sites that pretend to be adult video sites. When a visitor tries to play a video, a fake video player popup will be displayed that states you must download and install an updated media player to see the video. This "media player", though, just installs unwanted programs onto your computer or redirects you to unwanted chrome extensions.
These fake sites consist of autogenerated pages based on popular celebrity or adult star keywords so that they can get as many pages as possible into search engines. When a user clicks on these links and tries to play the video, they are shown a fake video player like the one below.
Fake video playerThis video player will state that there was an error playing a video and that you need to download a media player to properly watch the video. The full text of this alert is shown below.
Video Object Error:
Your browser cannot display this video. Please update Media Player to watch this video.
ATTENTION:
1. Download Media Player.exe (version 10.5. to play video.
2. Click the Button to install missing plugin.
Don't forget to run the installer after download.
If a user clicks on the message, they will either download an
adware installer or be redirected to another site pushing unwanted chrome extensions. One of the extensions being promoted contains scripts that perform in-browser mining.
These adware installers bundle free and legitimate programs in order to bundle their "offers" to those who install the software. For example, in one of the adware bundles I tested, it was pushing the free
AIMP media player.
Adware Installer Pushing the Free AIMP ProgramOne of the offers show when testing the adware bundle is a "Search Offer" that installs a Chrome Extension on to the computer.
Search OfferAnother offer was for Avast.
Avast OfferAs these sites are created only to push unwanted software on a visitor, rather than actually showing a video, they should be avoided. Even more important, if you run into a site that tells you that you need to install a piece of software to properly use it, I would instead find a site that does not require you to install software before using it.
As this tactic is all too often used to trick people installing malware onto their computer, it is important to recognize these types of social engineering attacks.
source