PageFair Analytics Hacked on Halloween Night

PageFair, an anti-adblocking company which provides analytics for online publishers on who is using an adblock while visiting their websites, was recently attacked on Halloween in what appears to be a trojan masquerading as an Adobe Flash Update. More than 500 websites that use PageFair’s service had malicious JavaScript code execute on their websites after receiving popups prompting people that their Flash Player was out of date. shutterstock_156385835

What else is interesting about this attack is that it occurred for only 83 minutes, and in that time 500+ websites were affected. The CEO of PageFair, Sean Blanchfield, wrote a blog post the day after the attack which says “For 83 minutes last night, the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file. I am very sorry that this occurred and would like to assure you that it is no longer happening.”

PageFair estimated that only 2.3% of the people who visited the affected sites would have been at risk of getting infected themselves. Although this particular attack seems to be over for now, there are still plenty of fake Flash “updates” out there which take advantage of people who don’t know what they’re clicking “Install” on. Don’t fall victim to popups on websites telling you that your Flash player or any other type of software is out of date and never download an .exe/.dmg file from these popups because you never know what it is you’re downloading onto your computer.

Source

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s