Delaware, USA – January 16, 2018 – In the first weeks of 2018, public attention was drawn to the uncovered Meltdown and Spectre vulnerabilities: hardware and software vendors continue to release patches or security updates and send out notifications about these vulnerabilities and ways to deal with them. Attackers also took advantage of the popularity of Meltdown and Spectre and created a fake security update for Windows that installs Smoke Loader malware on victim’s system. Researchers from Malwarebytes report that adversaries created the website with description of the vulnerabilities and Intel-AMD-SecurityPatch-11-01bsi.zip archive to spread this malware. Smoke Loader is able to download and install additional payload and can send encrypted data to the control servers. Currently, the malicious website is blocked.
It is possible that other threat actors are already using false updates in phishing campaigns to distribute malware, so you need to take extra attention when installing updates. Let’s recall that in early January, APT Framework Basic for ArcSight was updated to make it easier for security teams to locate hosts that are still vulnerable to Meltdown and Spectre attacks.