A hacking campaign that has gone on for months spreads malware through fake updates on compromised websites.
Hackers have infiltrated thousands of websites that use a variety of content management systems, according to expert Malwarebytes. The hackers then display authentic-looking messages, prompting users to update their Firefox, Chrome, or Flash browser. If a user downloads the update, his or her device is infected with banking malware and remote access trojans.
The sophisticated malware only sends the fake update notification to each user once, which makes it appear less suspicious.
Cybersecurity experts report malware campaigns that use compromised websites have become more common over the past decade. Computer support scams often use compromised sites, but now hackers are also taking over websites in order to spread cryptocurrency mining malware. Dan Goodin "Thousands of hacked websites are infecting visitors with malware" arstechnica.com (Apr. 11, 2018).