Malwarebytes has uncovered a continuation of the SSL malvertising campaign that they had already found on major websites like Yahoo.com and MSN.com.
In a blog post, Jerome Segura, senior security researcher, Malwarebytes said: "We observed the Microsoft Azure and RedHat cloud platforms and now are seeing IBM’s Bluemix being leveraged by threat actors who enjoy the free HTTPS encryption that it provides them in the delivery of malicious code."
It has documented an attack on one particular site, xHamster.com, which serves up a malicious advert for a dating website. The malware includes checks to avoid honeypots and security researchers.
The firm has also documented a ransomware attack via malvertsing on the same adult website. It produces a website claiming to be from Interpol and the NSA, and that the computer is making audio and video recordings.
xHamster.com has nearly half a billion users every month. The firm that serves the adverts has been notified and has taken steps to remove the malware.