It looks like malware authors are using slightly modified tactics for spreading malware. To circumvent website reputation services, they are now hosting malware redirectors on famous US university sites. Since such domains are usually trusted by both users and reputation services, this 'layer' of security is not effective against this kind of attack. Since the academic world is also quite open and lets almost anybody upload anything, even completely unknowing users can set up programs and services in an unsafe way. The names of schools and other identifying details were removed from the following list:
And how do you get there? Simple: just search Google for some porn-based keywords, and you should spot it in the first 20 results:
This link leads to just a simple redirector page:
This page redirects users to another redirector, which then leads to a fake porn site with a fake codec. And that's another story.