Threat actors are launching the Spelevo exploit kit with a decoy adult site, social engineering users into downloading a malicious video player. The fake video player turns out to be Qbot/Qakbot, which is also one of the payloads distributed by the exploit kit. In one campaign, we saw a malvertising attack on a site that draws close to 50 million visitors a month. Victims are already engaged with the content and may not even realize that an exploitation attempt has just happened. Malvertising campaigns are placed on tier 2 adult websites that still drive a lot of traffic.