Watch Out! Malware Posing as Java Update
Following the recent zero-day exploit, the rush is on to download the latest patch for Java. Unfortunately, some users are falling prey to malware disguised as a legitimate Java update. As always: DOWNLOADER BEWARE.
According to Trend Micro, victims are being directed to a malicious website which informs them that they need to update their version of Java. The attack is subtle, displaying what appears to be a news site related to cybercrime and prompting the user to accept an automatic download of “javaupdate11.”
The attack isn’t too subtle, though. For instance, the malicious website has the misspelled message “A newer version of Java is require” in large, red letters.
“The use of fake software updates is an old social engineering tactic,” writes Trend Micro. “This is not the first time that cybercriminals took advantage of software updates.”