You probably heard about the massive Equifax hack that exposed the personal information of millions of consumers in May, and you’d think that the company would tread carefully to keep that from happening again. However, it seems that the credit reporting bureau’s website has been compromised yet again, and it’s been serving up bogus links which may have led users to download adware, thinking they were downloading Flash.
Randy Abrams, an independent cyber-security analyst, told Ars Technica about this latest Equifax hack. He said that he went to Equifax’s website on Wednesday night to contest something on his credit report. While using the website for a bit, he encountered what looks to be a new Equifax hack. He said that his browser ended up taking him to the domain centerbluray.info, which included what looks like a pop-up prompting the user to install Adobe Flash.
Essentially, this Equifax hack leads visitors to the company’s website to think that Flash needs to be installed. However, clicking on the link will install what Symantec refers to as Adware.Eorezo. Abrams’ experience as a security researcher taught him that he might not encounter the same problem upon later visits to the website. Most hackers only show such prompts to a small percentage of a website’s users in order to avoid detection. In this case, though, he was met with the fake Flash download prompts on at least three more visits to the Equifax website.
Abrams decided to play along with the bogus Flash update prompts, which downloaded a file called MediaDownloaderIron.exe. Symantec, Panda and Webroot identified the file as adware. Ars Technica shared a YouTube video that shows what users may encounter on the Equifax website, and it explains that the file’s code uses reverse engineering to conceal itself.
At this time, it’s unclear how the Flash page was displayed, and Ars Technica suggests that the credit reporting bureau may have been using a third-party network to run ads. If so, the network could be to blame for this Equifax hack, but still, the company itself should have some plan in place to protect its website from such adware-seeding exploits. The tech website added later that another reader experienced the same issue, so others probably have or will too.
This latest Equifax hack involving bogus Flash links reminded me of why so many tech firms are starting to phase the product out of use. Google Chrome had already begun blocking it by the end of last year, and Mozilla and others started blocking it even before that. Supposedly, performance and security issues were to blame for former Apple CEO Steve Jobs’ refusal to ever support Flash on the iPhone.
This year, several big tech names announced their plans to eliminate Flash due to bugs and security holes, and Adobe Systems agrees and has decided to pull the plug on it after about 20 years. Chrome users will now find that they’re being asked whether they want to allow Flash to run on particular pages, and Microsoft is doing the same thing for Edge. Gradually, each browser maker will phase it out in the coming years.
That said, this particular issue doesn’t seem to be with Flash, but rather, it’s about yet another security problem with the Equifax website that’s causing it to serve up adware described as Flash. At any rate, it’s interesting that those responsible for this new Equifax hack selected Flash as their disguise.