This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
04/15/2018
Thousands of compromised websites spreading malware via fake updates
The State of Security
Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates.
Security researchers at MalwareBytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such as SquareSpace, WordPress and Joomla.
Having injected malicious code into a website by exploiting unpatched or vulnerable CMS installations, a typical attack will see visiting users greeted by an authentic-looking message inviting them to install an update for their Chrome or Firefox browser or – if they are running Internet Explorer – install a patch for Adobe Flash.
Ultimately, the intention is to install malware onto the targeted computer. In some instances seen by researchers, this is the Chthonic banking malware; on other occasions, it’s trojanised remote access applications that act as backdoors.
Unlike many other attacks seen on the internet, the “FakeUpdates” campaign goes to great efforts to avoid drawing attention to itself.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information