Chip vulnerabilities Meltdown and Spectre have been called the most significant cyber flaws of the last two decades, and patching is vital. However, Malwarebytes has said that it's important to be careful about where those patches come from, after discovering fake downloads on a German website.
Both Meltdown and Spectre, which together affect hardware from all major vendors, exploit the way chips use speculative execution, allowing an attacker to steal sensitive data from vulnerable systems. These can be physical computers or virtual machines in the cloud.
Malwarebytes has found one particular patch, ostensibly aimed at German users, that appears to be jumping on the Meltdown/Spectre panic; it is actually malware known as Smoke Loader.
A newly-registered domain, using iconography that suggests it is an official page from the German Federal Office for Information Security, shows an information page with links to external resources about the two vulnerabilities. However, it is really a phishing site, with a link to a ZIP archive that contains the malware (posing as 'Intel-AMD-SecurityPatch-10-1-v1.exe').
Smoke Loader was first found several years ago, with an early version appearing on the dark web in 2011. It got its name from the virtual smokescreen that it creates to hide itself once installed.
After a system is infected, the malware will attempt to connect to various domains and download additional payloads.
Malwarebytes alerted CloudFlare and Comodo to the website, which used an HTTPS security certificate, and had it removed. Remember that HTTPS only verifies that data sent between the site and a computer is encrypted, not that the site is safe.