Fake Website Updates Installing Malware

June 28, 2018

Several popular websites are being targeted with malware-laced updates. Squarespace and Joomla are just two of the sites involved in a massive “FakeUpdates” campaign injecting malware disguised as security and software updates. Thousands of websites have recently become victims of the attacks, and experts believe they go back to at least December of 2017.

Website content management systems (CMS) are currently in the crosshairs. A CMS handles the creation and management of digital content, usually in a collaborative environment with many users. That makes popular websites like WordPress prime targets for FakeUpdates. According to an Ars Technica report, visitors to these websites receive fake update notifications, and the malware authors go to great lengths to remain undetected. They give only one update notice per IP address and even have digital certificates that look legitimate. The websites involved display authentic-looking update messages to visitors, instructing them to install updates for the Chrome, Flash, and Firefox browsers. When users do, banking malware and trojans, among other viruses, get installed on their devices.

Compromised websites are nothing new, but the FakeUpdates campaign is. Experts believe that although a very sophisticated attack is involved, along with being, well, human, it's ultimately bad security practices that allow it to happen in the first place. Poorly protected websites that allow the CMS to be compromised are at the root of the problem. System administrators fail to patch systems with proper protections, including the updates, plugins, and add-ons their websites use.

Scores of unwitting users are now victims, but there are ways to avoid becoming one of them. Experts suggest avoiding any update offered through a pop-up window, especially those involving device security patches. Take the time to go to the official website for the update and download only from there. The success of the FakeUpdates campaign is a clear signal that navigating safely in cyberspace is becoming more difficult every day. What is expected of users and of website security system administrators, done right together, makes a safer cyberworld for us all.

Stickley on Security
June 25, 2018