By Darren Allan
As the scramble to patch the gaping Meltdown and Spectre security flaws continues, there are already real-world dangers pertaining to the vulnerabilities, with news of a fake patch emerging, as well as the likelihood that malicious users are coming close to weaponizing exploits.
As International Business Times spotted, security firm Malwarebytes recently discovered a fake Meltdown and Spectre patch which actually deposits ‘smoke loader’ malware on the victim’s machine.
The good news – such as it is – is that at the moment, this is targeting users over in Germany, but there’s every chance of similar scams popping up in the UK, US and elsewhere. Indeed, they may be around now, and just not found yet.
The false patch is somewhat clever in that it tries to seem authentic by looking like it’s delivered by genuine German authorities. The website hosting the patch appears to belong to the German Federal Office for Information Security.
The fake patch is delivered as an EXE (Intel-AMD-SecurityPatch.exe) and when run it infects the host PC with the aforementioned malware, which is a piece of malicious software capable of retrieving further payloads to wreak havoc on the user’s machine.
Also note that the real German …read more
Source:: techradar.com – Computing Components
Previous post
Next post