In May 2017, the website of renowned credit reporting service Equifax was hacked, and sensitive, private data of around 150 million of its US customers was stolen due to an old Apache flaw. The stolen data included names, Social Security numbers and other personal information. The company received backlash from left, right, and center over its failure to safeguard consumers’ data. With the passage of time, however, consumers’ trust was regained as they started to rely upon Equifax again. It seems that Equifax’s trying time is not over yet, as the site has been hacked again.
Reportedly, on Wednesday the Equifax website was hacked and fake, infected Adobe Flash updates were being displayed, which, when clicked, immediately infected the visitor’s device with adware. The adware is so well designed that just three of the 65 mainstream antivirus vendors, namely Panda, Symantec, and Webroot, could detect it.
Security researcher Randy Abrams noticed the hack while he was visiting the website; he was surprised to see that some of the site’s pages were redirecting to another website, hxxp:centerbluray.info, that offered a fake and infected Flash update.
“As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL. The URL brought up one of the ubiquitous fake Flash Player Update screens,” noted Abrams.
Abrams asked users to remain cautious and use common sense while using Equifax: “Seriously folks. Equifax has enough on their plate trying to update Apache. They are not going to help you update Flash.”
The image shows the Equifax page redirecting the browser to four different domains before opening the Flash download at the same address mentioned above, that is, centerbluray.info. The file that was delivered when Abrams clicked on the link was titled MediaDownloaderIron.exe. However, when Abrams tried to reproduce the redirecting domains several hours later, he was unable to do so, which means Equifax had already fixed the issue or maybe the attackers had decided to quit for the day.
ESET and Avira noted that apart from the centerbluray.info site, newcyclevaults.com was also one of the domains that pushed the malware. At the time of publishing this article, Equifax had taken the compromised page down.
Watch what happened when Abrams visited the Equifax site: