PageFair Breach Infects Windows PCs with Trjoan Flash Installers
Ashley Allen / 9 years ago
PageFair, a service designed to “help websites survive the rise of adblock”, has been compromised, causing websites using its software to spread malicious Trojan Flash installers the PCs of visiting users. The company, which believes that “the rise of adblocking is now leading to the death of quality free websites”, admitted in a blog post that its Content Distribution Network (CDN) services account, used to serve its analytics JavaScript tag, had been compromised by hackers. The CDN was modified to distribute a Trojan botnet in the form of a fake Adobe Flash update for Windows.
Sean Blanchfield, CEO of PageFair, revealed in a blog post the attack took place on 31st October, was seemingly designed to target PageFair specifically, and lasted for just over 80 minutes.
“For 83 minutes last night,” the post reads, “the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file. I am very sorry that this occurred and would like to assure you that it is no longer happening.”
While PageFair is taking its share of responsibility for the attack, Ben Hartnett, VP of EMEA at security firm RiskIQ, thinks that it merely demonstrates how sophisticated hackers are becoming.
“We all know that hackers are getting smarter about how they distribute malware. The latest attack on PageFair shows how hackers are now actively targeting third-party components in a bid to reach a much larger number of victims,” Hartnett told The Inquirer. “By compromising PageFair’s analytics service, hackers were able to distribute malicious code to visitors of any website using this service. With organisations increasingly relying on their online presence to engage with customers, this style of attack is only going to increase, especially with organisations adopting more third party components to stay ahead of the competition.”