Fake Spectre and Meltdown Patch Pushes Malware
The Meltdown and Spectre bugs have generated a lot of media attention, but some patches have created more issues than they fixed.
While users have been urged to update their machines with fixes made available by various vendors, MalwareBytes came across a particular patch targeted at German users that actually is malware.
In fact, German authorities recently warned about phishing emails trying to take advantage of those infamous bugs.
The web security firm identified a recently registered domain that is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors. While it appears to come from the German Federal Office for Information Security (BSI), this SSL-enabled phishing site is not affiliated with any legitimate or official government entity.
Moreover, the same fraudulent domain has a link to a ZIP archive (Intel-AMD-SecurityPatch-11-01bsi.zip) containing the so-called patch (Intel-AMD-SecurityPatch-10-1-v1.exe), which really is a piece of malware.
Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads.
Malwarebytes contacted Comodo and CloudFlare to report on this abuse and within minutes the site did not resolve anymore thanks to CloudFlare's quick response.
It's always important to be cautious, especially when urged to perform an action (i.e. calling Microsoft on a toll-free number, or updating a piece of software) because there's a chance that such requests are fake and intended to either scam you or infect your computer. There are very few legitimate cases when vendors will directly contact you to apply updates. If that is the case, it's always good to verify this information via other online resources or friends first.
Also, remember that sites using HTTPS aren't necessarily trustworthy. The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam.