Opportunistic hackers are loading fake Meltdown and Spectre patches with malware
DIRTY HACKERS are jumping back on the spectre of Spectre and the Meltdown, er, meltdown by releasing fake patches stuffed with malware.
The fake patches, distributed through dodgy websites claiming to be backed by security authorities, are stuffed with Smoke Loader malware, which essentially opens the door to further malware payloads, hence the ‘Loader’ bit of the name.
“Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information,” explained Jérôme Segura, lead malware intelligence analyst at Malwarebytes, who discovered the dodgy patches lurking on a site pretending to be affiliated with the German Federal Office for Information Security.
“The Subject Alternative Name field within the abused SSL certificate shows other properties associated with the .bid domain, including one that is a German template for a fake Adobe Flash Player update,” he added.
The fake patch, which is going by the name of Intel-AMD-SecurityPatch-10-1-v1.exe, could pose a bigger risk to computers than either Spectre or the more serious Meltdown flaw, which affects machines with Intel processors.
Segura dobbed the illegitimate website into Cloudflare and Comodo and noted that the site has now been taken down, which should stop the spread of the nasty patches.
But the analyst gives the impression that he doesn’t believe we’ve seen the last of hackers trying to take advantage of the worry Spectre and Meltdown are throwing up.
“Online criminals are notorious for taking advantage of publicised events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise,” he said.
To avoid falling foul of such cybercriminal tosspots, it’s worth being extra cautious about where you download patches from, and in the case of Meltdown it’s best to only trust official Microsoft and Intel fixes, though those aren’t yet infallible.
Source: Inquirer