Hackers are infiltrating news websites to spread malware

Some alarming news broke today that hundreds of U.S. news websites are unwittingly playing a big role in a new malware campaign that’s disguised as a Chrome browser update. This is quite a devious attack method since it’s considered an important security practice to update your browser as soon as possible.

The way hackers are delivering the malware is also clever. It's coming via an advertising network that also supplies video content to newspaper websites across the nation. It's difficult to identify and shut down this attack because it is applied intermittently. According to a tweet by the security research team Threat Insight, the JavaScript code is being changed back and forth between the normal, harmless ad delivery script and a version that includes the hackers' code, which shows a false update alert.

Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish.

— Threat Insight (@threatinsight) November 2, 2022
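For a site that embeds a partner's script, the intermittent swapping described above means a single spot check can miss the modified version. The following added example (not code from this article or from Proofpoint) compares repeated fetches of one script against a pinned Subresource Integrity value; the function names, the pinned baseline and the sample script bodies are constructed for illustration.

```python
import base64
import hashlib


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity (SRI) value for a script body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def classify_samples(pinned: str, samples: list) -> dict:
    """Compare repeated fetches of one script URL against a pinned SRI value.

    clean         every sample matches the pinned value
    intermittent  some samples match and some do not (content flips back and forth)
    changed       no sample matches (vendor update or persistent tampering; review)
    """
    if not samples:
        raise ValueError("at least one fetched sample is required")
    digests = [sri_sha384(s) for s in samples]
    mismatches = [i for i, d in enumerate(digests) if d != pinned]
    if not mismatches:
        verdict = "clean"
    elif len(mismatches) < len(samples):
        verdict = "intermittent"
    else:
        verdict = "changed"
    return {
        "verdict": verdict,
        "mismatch_indexes": mismatches,
        "distinct_bodies": len(set(digests)),
    }


# Constructed sample data: stand-ins for the bytes returned by five polls of
# the same third-party script URL. Neither body is real vendor or malware code.
BENIGN = b"/* constructed benign ad/video loader */ loadPlayer();\n"
MODIFIED = BENIGN + b"/* constructed extra block, absent from baseline */\n"
POLLS = [BENIGN, BENIGN, MODIFIED, BENIGN, MODIFIED]
PINNED = sri_sha384(BENIGN)  # assumed to be recorded when the script was last reviewed

if __name__ == "__main__":
    print(classify_samples(PINNED, POLLS))
```

An "intermittent" verdict is the one to escalate first, since a legitimate vendor release would normally change every sample rather than only some of them.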

This is a serious problem since many people get their local news from these websites and trust them implicitly. Here's what you need to know about this dangerous new malware campaign. When you visit a news site, an alert might appear after the advertising loads, warning you that it's time to update your browser.

According to Bleeping Computer, the message is tailored to match your browser, appearing to be an update for Google Chrome, Mozilla Firefox, or Opera. If you proceed with the download, it will be a malware package rather than a security update.

Thankfully, it’s easy to double-check by navigating to browser settings and checking if there are any updates available within the browser controls. Hackers have not been able to insert their malware links into the browser code. Alerts, on the other hand, can be triggered by websites and website advertising, so use extra caution with pop-ups.

Alan Truly
Computing Writer
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…