While the likes of Google, Microsoft and chip manufacturers scramble to fix the Spectre and Meltdown vulnerabilities, hackers have been working on fake patches, riddled with malware and distributed via dubious websites claiming to be supported by security authorities.
This malware, known as Smoke Loader, looks to be an official patch but will actually let malware loose on your computer, posing potentially a greater threat than the original Meltdown and Spectre vulnerabilities.
The malware-infested patch was discovered by security firm MalwareBytes, which reported it found a particularly nasty variation on a German spoof site, sicherheit-informationstechnik.bid. The website offers advice about the vulnerabilities and then a download link with a zip file attached.
The download is called Intel-AMD-SecurityPatch-10-1-v1.exe—a filename that looks pretty legitimate, but when users install it onto their computer, they’ll find it’s actually laced with the Smoke Loader malware, causing the computer to connect to domains, sending encrypted information to them via additional payloads.
“The Subject Alternative Name field within the abused SSL certificate shows other properties associated with the .bid domain, including one that is a German template for a fake Adobe Flash Player update,” researcher Jerome Segura wrote in a blog post.
He added the company contacted Comodo and CloudFlare to report the dodgy download and immediately, they stopped the malware from operating. The company added its own software protected against the malware immediately.
“Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns,” Segura added. “This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.”