Thousands of websites hacked, virus danger for users

A French security researcher has discovered a new hacker attack attempt that exploits thousands of compromised websites. Here's what's going on

Of the various types of hacker attacks used today, it remains one of the most dangerous and least understood by the general public. And this contributes, in a sort of cyber short-circuit, to further increase its degree of danger and "lethality". Hacker attacks conducted through compromised websites are still difficult to detect and, therefore, to counteract.

Given these premises, it should not be so difficult to understand why Jérôme Segura, chief malware analyst for the software house Malwerbytes, is worried. The French researcher and computer security expert has discovered a new family of banking malware that spreads across the web through thousands of hacked but, in the eyes of Internet users, absolutely "normal" websites.

Which sites have been hacked

According to what Segura wrote in a post hosted on the Malwerbytes blog, the hackers were able to exploit some vulnerabilities that allowed them to compromise portals created with some of the most used content management platforms (WordPress, Joomla and SquareSpace are the ones mentioned by the French researcher). This allowed cybercriminals to hack tens of thousands of websites (at least from a theoretical point of view) and infect an unspecified number of users. To be precise, however, it is not possible to determine the exact number of attacked portals: according to Segura it is a few thousand, but the figure could vary from day to day.

How the attack works with compromised websites

To maximize the number of affected users, hackers adopted some tricks that made the attack difficult to identify. Compromised portals show a message to a small number of users asking them to update the browser they are using or Flash: to avoid looking like a fake alert, hackers analyze the computer of the possible victim, create a profile and show the update alert once. In case the victim falls for it, he will download a malicious JavaScript file: a sort of Trojan horse that automatically starts downloading the actual virus. At this point, the malware remains 'hidden' until you attempt to access your home banking portal in the hopes of getting your login credentials stolen.