Malwarebytes warns that fake Meltdown and Spectre patches are being used to spread Smoke Loader malware
News of the Meltdown and Spectre processor bugs quickly spread around the world, as companies and individuals tried to protect their systems. But in addition to concerns about the performance hit patches may have on computers, Malwarebytes has also issued a stark warning about fake patches.
The security firm warns that criminals have used interest in Meltdown and Spectre to push out fraudulent bug fixes that are laced with Smoke Loader malware.
Such fake patches have already been seen in the wild in Germany, where an HTTPS-enabled site purporting to be that of the German Federal Office for Information Security was used to serve the downloads. Unsurprisingly, given the murky nature of the fake downloads, the site has nothing to do with the German government at all.
The bundled Smoke Loader malware can download further malware onto victims' computers and send personal information back to remote servers. Malwarebytes contacted both Comodo and Cloudflare once the problem was detected, and the offending sites were taken offline.
But while this particular malware campaign may have been nipped in the bud, Malwarebytes says it serves as a timely security reminder, and offers the following advice:
Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.
It's always important to be cautious, especially when urged to perform an action (e.g. calling Microsoft on a toll-free number, or updating a piece of software) because there's a chance that such requests are fake and intended to either scam you or infect your computer. There are very few legitimate cases when vendors will directly contact you to apply updates. If that is the case, it's always good to verify this information via other online resources or friends first.
Also, remember that sites using HTTPS aren't necessarily trustworthy. The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.