Hackers are faking Meltdown and Spectre patches
Criminals are injecting legitimate-looking patches with Smoke Loader malware
While the likes of Google, Microsoft and chip manufacturers scramble to fix the Spectre and Meltdown vulnerabilities, hackers have been working on fake patches, riddled with malware and distributed via dubious websites claiming to be supported by security authorities.
This malware, known as Smoke Loader, looks to be an official patch but will actually let malware loose on your computer, posing potentially a greater threat than the original Meltdown and Spectre vulnerabilities.
The malware-infested patch was discovered by security firm MalwareBytes, which reported it found a particularly nasty variation on a German spoof site, sicherheit-informationstechnik.bid. The website offers advice about the vulnerabilities and then a download link with a zip file attached.
The download is called Intel-AMD-SecurityPatch-10-1-v1.exe - a filename that looks pretty legitimate, but when users install it onto their computer, they'll find it's actually laced with the Smoke Loader malware, causing the computer to connect to domains, sending encrypted information to them via additional payloads.
"The Subject Alternative Name field within the abused SSL certificate shows other properties associated with the .bid domain, including one that is a German template for a fake Adobe Flash Player update," researcher Jerome Segura wrote in a blog post.
He added the company contacted Comodo and CloudFlare to report the dodgy download and immediately, they stopped the malware from operating. The company added its own software protected against the malware immediately.
"Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns," Segura added. "This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Image: Shutterstock
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.