In a hardly surprising development, cyber criminals are looking to take advantage of the publicity surrounding the Meltdown and Spectre chip vulnerabilities by ensnaring users with phishing scams.
Researchers at cybersecurity firm Malwarebytes have discovered one such attempt targeting German users with fake guidance and patches through an official-looking website.
“While it appears to come from the German Federal Office for Information Security (BSI), this SSL-enabled phishing site is not affiliated with any legitimate or official government entity,” said researcher Jerome Segura.
On the site is a link to a ZIP file alleging to be a patch for systems powered by Intel and AMD chips. Instead it is actually the Smoke Loader malware which once installed loads other payloads. Malwarebytes observed the software attempting to connect to various domains and send encrypted information.
The firm’s analysis also found that the abused SSL certificate associated with the ‘.bid’ domain was also linked to a German template for a fake Adobe Flash update.
“We immediately contacted Comodo and CloudFlare to report on this abuse and within minutes the site did not resolve anymore thanks to CloudFlare’s quick response,” added Segura. “Malwarebytes users were already protected at zero-hour against this malware.”
“Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.
“Also, remember that sites using HTTPS aren’t necessarily trustworthy. The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.
Meltdown and Spectre affect just about every single processor made over the past 20 years, causing emergency fixes and mitigations to be released for Windows, Mac, iOS and Android. Chips made by ARM manufacturers and AMD are also impacted.
Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encryption keys or steal information from other applications.
Chip manufacturers, cloud providers and operating system developers have rushed to mitigate and fix the patch, which can cause a slowdown in performance on some systems, and it has been suggested that the patches are causing more problems than the threats they are supposed to fix.
Unnamed 'user' files appeal with Facebook's Supreme Court (the Oversight Board) against the 'indefinite' ban…