Fake Meltdown & Spectre Websites Target Users With Fake Patches

In a hardly surprising development, cyber criminals are looking to take advantage of the publicity surrounding the Meltdown and Spectre chip vulnerabilities by ensnaring users with phishing scams.

Researchers at cybersecurity firm Malwarebytes have discovered one such attempt targeting German users with fake guidance and patches through an official-looking website.

“While it appears to come from the German Federal Office for Information Security (BSI), this SSL-enabled phishing site is not affiliated with any legitimate or official government entity,” said researcher Jerome Segura.

Meltdown and Spectre scam

The site links to a ZIP file that claims to be a patch for systems with Intel and AMD chips. The archive actually contains the Smoke Loader malware, a downloader that fetches further payloads once installed. Malwarebytes observed it attempting to connect to several domains and send encrypted data.

The firm’s analysis also found that the SSL certificate abused on the ‘.bid’ domain was associated with a German-language template for a fake Adobe Flash update.

“We immediately contacted Comodo and CloudFlare to report on this abuse and within minutes the site did not resolve anymore thanks to CloudFlare’s quick response,” added Segura. “Malwarebytes users were already protected at zero-hour against this malware.”

“Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.

“Also, remember that sites using HTTPS aren’t necessarily trustworthy. The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.”
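Segura’s point that HTTPS says nothing about a site’s intent is worth turning into a concrete check. The following is an added example, not code from this article or from Malwarebytes: a small Python triage script that walks proxy log lines and flags downloads from hosts that use official-looking keywords (BSI, Meltdown, Spectre, vendor names) but are not under a trusted domain, regardless of whether the URL is HTTPS. The hostnames, file names and log lines are constructed for the example (the article does not name the phishing host), and the trusted-domain and keyword lists are assumptions to adapt to your own environment.

```python
from urllib.parse import urlsplit

# Domains a Meltdown/Spectre advisory or patch could legitimately come from.
# Assumed allowlist for this example; extend it with your own vendors.
TRUSTED_DOMAINS = ("bsi.bund.de", "bund.de", "intel.com", "amd.com", "microsoft.com")

# Words a lure would put in a hostname to look official. Assumed list.
LURE_KEYWORDS = ("bsi", "meltdown", "spectre", "intel", "amd", "patch", "update")

# File types a "patch" lure typically delivers.
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".exe")


def is_trusted_host(host: str) -> bool:
    """True only if host equals a trusted domain or is a subdomain of one.

    Matching on label boundaries matters: a plain substring test would accept
    a lookalike such as 'www.bsi.bund.de.cdn-update.bid'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_url(url: str) -> dict:
    """Classify one URL. The scheme is recorded but never used as a trust signal."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    trusted = is_trusted_host(host)
    reasons = []
    if not trusted:
        hits = [k for k in LURE_KEYWORDS if k in host]
        if hits:
            reasons.append("untrusted host uses official-looking keyword(s): " + ", ".join(hits))
        if path.endswith(ARCHIVE_SUFFIXES):
            reasons.append("untrusted host serves an archive or executable")
    return {
        "url": url,
        "host": host,
        "https": parts.scheme == "https",
        "trusted": trusted,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed proxy log: "<timestamp> <client> <url> <status>" per line.
# The .bid hosts are invented stand-ins for the lure the article describes.
SAMPLE_PROXY_LOG = """\
2018-01-10T09:12:01Z 10.0.0.14 https://www.bsi.bund.de/DE/Home/home_node.html 200
2018-01-10T09:12:44Z 10.0.0.14 https://bsi-meltdown-spectre-patch.bid/Intel-AMD-Patch.zip 200
2018-01-10T09:13:07Z 10.0.0.27 https://www.bsi.bund.de.cdn-update.bid/patch.zip 200
2018-01-10T09:14:30Z 10.0.0.31 https://www.intel.com/content/www/us/en/security-center/default.html 200
2018-01-10T09:15:02Z 10.0.0.31 http://example.org/readme.txt 200
"""


def scan_proxy_log(log_text: str) -> list:
    """Return the classification of every suspicious URL in the log, in order."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line; skip rather than crash the triage run
        result = classify_url(fields[2])
        if result["suspicious"]:
            result["client"] = fields[1]
            flagged.append(result)
    return flagged


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        scheme = "https" if hit["https"] else "http"
        print(f"{hit['client']} -> {hit['url']} [{scheme}]")
        for reason in hit["reasons"]:
            print("    ", reason)
```

Both lure hosts in the constructed log are served over HTTPS and both are flagged; the scheme is kept in the result only so an analyst can see that it was irrelevant to the verdict. In a real deployment the keyword list will produce false positives on unrelated domains, so treat a hit as a triage prompt, not a block decision.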


Meltdown and Spectre affect most processors made over the past 20 years, prompting emergency fixes and mitigations for Windows, macOS, iOS, Linux and Android. Spectre affects Intel, AMD and ARM-based chips alike; Meltdown mainly affects Intel processors, although some ARM cores are also vulnerable.

Essentially, both flaws abuse the processors’ speculative execution to read memory that should be off-limits, such as the kernel’s memory or that of other processes. An attacker able to run code on the machine could therefore obtain passwords, encryption keys or other data belonging to other applications.

Chip manufacturers, cloud providers and operating system developers have rushed out mitigations and fixes. Those patches can slow some systems, and it has been suggested that they are causing more problems than the threats they are meant to address.


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
