A malware attack affecting websites that used a service from a company called PageFair resulted in those websites displaying a fake Flash update to their visitors.
PageFair is a service that allows website owners to see how many of their visitors use ad-blocking software. The website owner embeds some code provided by PageFair into their website and PageFair provides analytics.
However on Halloween night, PageFair was hacked after cyber criminals managed to get control of a key email account, and managed to compromise a PageFair server that was able to send out malicious instructions to any website using the PageFair service. This led to any website using the service to display a fake Flash update pop-up to their visitors. Accepting the fake update led to those visitors getting infected with malware.
PageFair issued an apology quickly, and patched up the intrusion, but concerning how many people fell for the malware trap, we don’t know.
Of course if that number is more than one, then that is too many. Not only because it should never have happened in the first place, but because fake Flash updates are not a new modus operandi for malware scammers. Tricking victims into downloading harmful files masquerading as Flash updates is a tired trick that we should all be familiar with by now.
Sponsored Content. Continued below...
So if you’re browsing the Internet and suddenly a pop-up comes up saying you need to download the latest version of Flash then you should be first suspicious of it. If you don’t know if the pop-up is genuine then go to Adobe’s website directly for the latest update.
That way you know you’ll be getting the actual update and not malware. Of course the same advice applies to all pop-ups you see when browsing the Internet that want you to download files to your computer.