fans have been warned about fake security patches for the Spectre and Meltdown vulnerabilities that delivers dangerous malware to PCs.

The Meltdown and Spectre flaws are recently discovered vulnerabilities that affect a host of major CPUs.

The bugs could allow hackers to steal sensitive information stored on affected devices such as passwords or credit card data.

Microsoft has distributed fixes for Meltdown and Spectre already, but a number of users reported the patches slowed down their machines.

The Redmond-based tech giant also paused the rollout of the fix to AMD processors after users reported their PCs failed to boot after the update.

But while there are official fixes available, scammers have been trying to take advantage of the rush from consumers to fix the security flaws.

Cyber security firm Malwarebytes are warning Windows 10 users of a fake patch that con-artists are trying to get victims to download.

The patch appears on an official looking website, which also features advice on how Meltdown and Spectre can affect computer processors.

But this extra information is just a cunning ploy to make the site looking more legitimate and trick users into downloading the malware-filled ‘patch’.

Describing what happens when victims run the fake patch, Malwarebytes researcher Jerome Segura said: “Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads. 

“Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information.”

The scam is targeted at Windows 10 users in Germany, with the alleged update appearing on a website that mimics the design of a German government site.

Segura added: “Online criminals are notorious for taking advantage of publicised events and rapidly exploiting them, typically via phishing campaigns. 

“This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise.

“It’s always important to be cautious, especially when urged to perform an action (i.e. calling Microsoft on a toll-free number, or updating a piece of software) because there’s a chance that such requests are fake and intended to either scam you or infect your computer. 

“There are very few legitimate cases when vendors will directly contact you to apply updates. If that is the case, it’s always good to verify this information via other online resources or friends first.

“Also, remember that sites using HTTPS aren’t necessarily trustworthy. 

“The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.”

Nearly all computers worldwide, and many other devices like smartphones, have been exposed to the Meltdown and Spectre security gaps leaving them vulnerable to hacker attacks.

Researchers recently discovered the vulnerabilities in the central processing units, which could allow privately stored data on computers to be hacked.

It’s important to note so far no data breaches have been reported. 

But there are concerns that now it’s been made public the bugs could be taken advantage of by nefarious parties.

The Meltdown security risk affects laptops, desktop computers and internet servers with Intel chips.

While Spectre affects some chips made by Intel, ARM and AMD that are found in smartphones, tablets and computers.



Image & Article Source

Leave a Reply

Your email address will not be published.