Watch out for fake Spectre and Meltdown patches infected with Smoke Loader malware

Patrick Devaney


The Spectre and Meltdown vulnerabilities, which affect almost all processors on the planet, have been dominating the news recently. We’ve heard about the patches that might slow down PCs and about a Google patch that might have a negligible effect on PC performance. Now we have something else to worry about, as it seems that there are fake Spectre and Meltdown patches out there that come loaded with malware.


The warning comes from cyber security experts at Malwarebytes. Victims find themselves redirected to a site that looks legitimate and is filled with “useful” information about how Spectre and Meltdown affect computer processors.

(Via: Malwarebytes)  The fake German site looks serious and credible

All of this is designed to make users feel comfortable enough to click the link and download the patch on offer, which will have dire consequences. Malwarebytes researcher Jérôme Segura said:

“Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads… Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information.”

Once installed, the Smoke Loader malware can download more malware onto the victim’s computer and send personal information back to remote servers.


Although this particular site targeted German users by mimicking a German government website, fake websites pushing fake patches, updates, and fixes are a threat to us all. Malwarebytes’ Segura went on to offer this advice:

“Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.

It’s always important to be cautious, especially when urged to perform an action (i.e. calling Microsoft on a toll-free number, or updating a piece of software) because there’s a chance that such requests are fake and intended to either scam you or infect your computer. There are very few legitimate cases when vendors will directly contact you to apply updates. If that is the case, it’s always good to verify this information via other online resources or friends first.

Also, remember that sites using HTTPS aren’t necessarily trustworthy. The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.”

Be careful when downloading anything and always double-check the source of the download.


Follow me on Twitter: @PatrickDevaney_

Via: Malwarebytes, Security Boulevard and betanews
