Following the recent zero-day exploit, the rush is on to download the latest patch for Java. Unfortunately, some users are falling prey to malware disguised as a legitimate Java update. As always: DOWNLOADER BEWARE.
According to Trend Micro, victims are being directed to a malicious website which informs them that they need to update their version of Java. The attack is subtle, displaying what appears to be a news site related to cybercrime and prompting the user to accept an automatic download of "javaupdate11."
The attack isn't too subtle, though. For instance, the malicious website has the misspelled message "A newer version of Java is require" in large, red letters.
"The use of fake software updates is an old social engineering tactic," writes Trend Micro. "This is not the first time that cybercriminals took advantage of software updates."
Trend Micro notes that while this attack does not take advantage of the zero-day vulnerability, it does allow attackers to seize control of infected systems. Instead of Java, it downloads two malicious files which connect the infected computer to a remote server. One appears to be a keylogger, which in turn downloads a piece of ransomware that seizes control of users' screens.
These recent troubles have begun to cast Java as a major liability and attacks that take advantage of users trying to do the right thing doesn't help. For users looking to update, be sure you use the legitimate download from Oracle. However, if you don't use Java very often, now might be a good time to just disable Java entirely or find alternative software.
For more from Max, follow him on Twitter @wmaxeddy.
Watch Out! Malware Posing as Java Update
