Fake Patch Infects Your Computer With Malware

The security issues, known as Meltdown and Spectre, are probably the worst bugs found in processors ever and they might fundamentally change how chips will be designed moving forward.

Have you ever heard of malware called Smoke Loader? It’s a malicious program that is used to download and install more malware on a victim’s computer.

If you are unfortunate enough to have Smoke Loader installed on your device, it will open up a Pandora’s box of malware nasties, from annoying adware to the more nefarious types such as spyware or data miners.

Sounds bad enough, right? Well, it appears that the bad guys are currently disguising Smoke Loader as a security patch for the Spectre and Meltdown chip bugs, hoping to dupe people into inadvertently installing it.

Cybersecurity firm Malwarebytes first spotted the masquerading malware on a phishing website claiming to be an arm of the German Federal Office for Information Security (BSI). This rogue website tries its absolute best to look official; it even has HTTPS enabled and an SSL security certificate to boot.

Upon landing on the fraudulent site, an unsuspecting visitor is greeted with advice and information about the effects of the Spectre and Meltdown bugs. Lurking within one of its “helpful” links is a ZIP file containing a patch called “Intel-AMD-SecurityPatch-10-1-v1.exe.” Don’t let that self-important file name fool you – it’s actually the Smoke Loader installer in disguise!

If you fall for it and install the “patch,” Smoke Loader gets loaded on your computer and starts contacting Russian-hosted domains for additional malware to install.

Malwarebytes also stated that the fake patch is related to another common source of software deception – the infamous fake Adobe Flash Player update.

Thankfully, Malwarebytes has already contacted Comodo and Cloudflare about the fake site, and it is no longer reachable as of this writing.

Issuing fake updates and software is a widely used tactic by cybercriminals to get people to install malware unwittingly, so be extra vigilant against software that you download straight off the web.

As evidenced by this deceptive Smoke Loader downloader, even the presence of the HTTPS lock and a valid SSL certificate will not guarantee that a website is safe, so don’t rely on them for your protection. In fact, cybercriminals are increasingly using HTTPS for their phishing websites.

Keep in mind that HTTPS and a valid SSL certificate simply mean that the traffic between your computer and the website is encrypted in transit; they do not mean that the website itself is safe.
