Equifax’ website served fraudulent Adobe Flash updates before being taken down


Equifax’ credit report assistance page had to be taken down after it was revealed that hackers had flooded it with fraudulent Adobe Flash updates on Wednesday.

Equifax said it has taken the page offline and its IT and Security teams are looking into the case of fraudulent Adobe Flash updates.

Earlier this month, credit rating agency Equifax revealed that a data breach it suffered affected as many as 693,665 customers in the UK, with hackers accessing their email addresses, passwords, driving license numbers, and phone numbers. The agency also confirmed that hackers got their hands on a file that contained records for as many as 15.2 million Britons dating between 2011 and 2016.

Having suffered a major data breach that forced its CEO, CIO, and CSO to step down and left the agency’s reputation in tatters, one would believe that Equifax would be the last firm in the world to be hacked again and suffer a repeat embarrassment.

However, as Ars Technica reports, this is exactly what happened. A security researcher, as well as a number of Equifax customers, told the media outlet that they had encountered fraudulent Adobe Flash updates when they visited Equifax’ credit report assistance page on Wednesday and Thursday.

Randy Abrams, the researcher in question, encountered the Flash update notification on several occasions and, upon further analysis, noted that the resulting download file, named MediaDownloaderIron.exe, was flagged for carrying adware by Panda, Symantec, and Webroot.

‘This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering.

‘Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com,’ said Dan Goodin, Security Editor at Ars Technica.

Following the revelation, Equifax said that its IT and Security teams were looking into the matter and that it had taken down the credit assistance page temporarily out of an abundance of caution. However, the agency later confirmed that its systems were not compromised and that none of its customers were affected, even though it did admit that vendor code on the credit assistance page was serving up malicious content to visitors.

“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content.

“Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis,” the agency said.

Copyright Lyonsdown Limited 2021
