Cyber Incident Victim: Just For Men
Date: Sep 2016
Location: United States of America
Summary
The website of a men's grooming product company was compromised to deliver malware through a drive-by download attack using the RIG exploit kit, which had recently surpassed Neutrino as the predominant exploit kit. Attackers injected obfuscated code into the homepage as part of the EITest campaign, using Flash-based redirection mechanisms to distribute a credential-stealing Trojan to visitors. The incident illustrated both the shift in which exploit kit was most prevalent and the continued compromise of legitimate websites for payload delivery.
Description
On or around September 20, 2016, the official website for Just For Men (justformen[.]com), a company specializing in men’s grooming products, was observed distributing malware to visitors through a drive-by download attack. Malwarebytes researchers identified that attackers had compromised the website’s homepage by injecting obfuscated code, which initiated a redirection chain characteristic of the EITest campaign. This malicious code leveraged a Flash file as part of its redirection mechanism, a known signature of EITest infrastructure, to funnel visitors to the RIG exploit kit. The RIG exploit kit subsequently delivered a password-stealing Trojan to affected systems. At the time of the incident, RIG had surpassed Neutrino as the most prevalent exploit kit in active use, capitalizing on the latter’s reduced activity following the decline of the Angler exploit kit. The attack did not require user interaction beyond visiting the compromised site, enabling silent exploitation of vulnerabilities to deploy the final payload.

Malwarebytes’ automated detection systems initially flagged the malicious activity originating from justformen[.]com. Researchers later confirmed the attack through controlled lab analysis, documenting the full infection chain from initial redirection to Trojan deployment. Technical analysis revealed the attack’s reliance on EITest’s evolving URL patterns and Flash-based gate mechanisms to evade detection. While the Malwarebytes article did not specify remediation actions taken by Just For Men’s operators, Malwarebytes published a detailed traffic capture and video demonstration of the attack for further analysis. The incident exposed visitors to credential theft risks through the distributed Trojan, though neither the exact number of impacted users nor any additional post-exploitation activity was disclosed in the available source material. Malwarebytes’ report emphasized the continued prevalence of exploit kits that used compromised legitimate websites as attack vectors during this period.
