Equifax Website Hacked To Deliver Malware-bearing Flash Update

In May 2017, the website of renowned credit reporting service Equifax was hacked, and sensitive, private data of around 150 million of its US customers was compromised due to an old Apache flaw. The compromised data included names, Social Security numbers and other personal info. The company received backlash from left, right and center over its inefficiency in safeguarding consumers’ data. However, with the passage of time, consumers’ trust was regained as they started to rely upon Equifax again. It seems that Equifax’s trying time is not over yet, as the site has been hacked again.

Reportedly, on Wednesday the Equifax website was hacked and fake, infected Adobe Flash updates were being displayed, which when clicked immediately infected the visitor’s device with adware. This adware is so powerful and well-designed that just three out of the 65 mainstream antivirus vendors, namely Panda, Symantec, and Webroot, could detect it.

Security researcher Randy Abrams noticed the hack while he was visiting the website; he was surprised to see that some of the site’s pages were redirecting to another website, hxxp:centerbluray.info, that offered a fake and infected Flash update.

“As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL. The URL brought up one of the ubiquitous fake Flash Player Update screens,” noted Abrams.

Equifax Hacked Again! This Time Hackers Decided to Install Adware on Users’ Computers

Abrams asked users to remain cautious and use common sense while using Equifax: “Seriously folks. Equifax has enough on their plate trying to update Apache. They are not going to help you update Flash,” said Abrams.

The image shows the Equifax page redirecting the browser to four different domains before it opens the Flash download at the same address mentioned above, that is, centerbluray.info. The file that was delivered when Abrams clicked on the link was titled MediaDownloaderIron.exe. However, when Abrams tried to reproduce the redirecting domains several hours later, he was unable to do so, which means Equifax had already fixed the issue or maybe the attackers had decided to quit for the day.

ESET and Avira noted that apart from the centerbluray.info site, newcyclevaults.com was also one of the domains that pushed the malware. At the time of publishing this article, Equifax had taken the compromised page down.


Waqas
