Hackers are faking Meltdown and Spectre patches

Criminals are injecting legitimate-looking patches with Smoke Loader malware

While the likes of Google, Microsoft and chip manufacturers scramble to fix the Spectre and Meltdown vulnerabilities, hackers have been working on fake patches, riddled with malware and distributed via dubious websites claiming to be supported by security authorities.

The download, which carries malware known as Smoke Loader, looks like an official patch but will actually let malware loose on your computer, potentially posing a greater threat than the original Meltdown and Spectre vulnerabilities.


The malware-infested patch was discovered by security firm Malwarebytes, which reported that it found a particularly nasty variation on a German spoof site, sicherheit-informationstechnik.bid. The website offers advice about the vulnerabilities and then a download link with a zip file attached.

The download is called Intel-AMD-SecurityPatch-10-1-v1.exe - a filename that looks pretty legitimate. When users install it onto their computer, however, they'll find it's actually laced with the Smoke Loader malware, which causes the computer to connect to domains and send encrypted information to them via additional payloads.

"The Subject Alternative Name field within the abused SSL certificate shows other properties associated with the .bid domain, including one that is a German template for a fake Adobe Flash Player update," researcher Jerome Segura wrote in a blog post.

He added that the company contacted Comodo and CloudFlare to report the dodgy download, and they immediately stopped the malware from operating. The company added that its own software protected against the malware immediately.


"Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns," Segura added. "This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise."
