Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates.
Security researchers at MalwareBytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such as SquareSpace, WordPress and Joomla.
Having injected malicious code into a website by exploiting unpatched or vulnerable CMS installations, a typical attack will see visiting users greeted by an authentic-looking message inviting them to install an update for their Chrome or Firefox browser or – if they are running Internet Explorer – install a patch for Adobe Flash.
Ultimately, the intention is to install malware onto the targeted computer. In some instances seen by researchers, this is the Chthonic banking malware; on other occasions, it’s trojanised remote access applications that act as backdoors.
Unlike many other attacks seen on the internet, the “FakeUpdates” campaign goes to great efforts to avoid drawing attention to itself.