CryptXXX ransomware being served by toy company site
Visitors only had to visit Maisto's site with an out of date computer to be exposed.
The day after security researchers discovered the website for toy maker Maisto was not only selling radio-controlled cars and planes, but was also pushing ransomware, the site was down for maintenance.
Malwarebytes Senior Security Researcher Jerome Segura confirmed that the site was serving up the Bedep version of the Angler exploit kit and installing the recently discovered CryptXXX ransomware. CryptXXX was discovered by Proofpoint researchers in mid-April.
Visitors only had to visit Maisto's site with an out-of-date computer to be exposed, Segura said. To avoid these situations, he added, it is best to remove unnecessary plugins such as Flash and Silverlight, which helps protect against this type of attack.
Once infected, the computer shows a countdown clock on the screen along with a demand for $500, payable in bitcoin.
Maisto was found to be running on a Microsoft IIS server with an outdated version of the Joomla content management system, which exposed the site to automated hacks, Segura wrote, citing Sucuri.
The attackers also made sure the malware was hard for Maisto's site administrators to spot by only showing a clean version of the site to return visitors.
“This makes it very difficult for site admins to even notice there is something wrong because the malicious module (darkleech) will purposely hide from them,” Segura said.
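As an added illustration, not code from the article, Malwarebytes or Sucuri, the following Python check compares what a site serves to a first-time visitor against what it serves to a return visitor and flags script or iframe sources that appear only on the first visit, the kind of selective serving described above. The sample HTML responses and the assumption that a cookie is what distinguishes a return visitor are constructed for this example.

```python
# Added example: detect content that a compromised site serves only to
# first-time visitors (the cloaking behaviour the article attributes to
# darkleech). It compares script/iframe/embed sources seen on a "fresh"
# visit with those seen on a "return" visit (assumed here to be a visit
# carrying the site's cookie); anything present only on the fresh visit
# is flagged. The HTML below is constructed sample data, not real traffic.
from html.parser import HTMLParser


class SourceCollector(HTMLParser):
    """Collect src/data targets of script, iframe, embed and object tags."""

    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "embed", "object"):
            for name, value in attrs:
                if name in ("src", "data") and value:
                    self.sources.add(value.strip())


def external_sources(html):
    """Return the set of resource URLs loaded by the given HTML page."""
    parser = SourceCollector()
    parser.feed(html)
    return parser.sources


def cloaked_sources(fresh_html, return_html):
    """Sources present on the first visit but absent on a repeat visit."""
    return sorted(external_sources(fresh_html) - external_sources(return_html))


# Constructed sample responses for a first-time and a returning visitor.
FRESH_VISIT = """<html><body>
<script src="/media/jui/js/jquery.min.js"></script>
<iframe src="http://EXAMPLE-REDIRECT.invalid/landing" width="1" height="1"></iframe>
</body></html>"""

RETURN_VISIT = """<html><body>
<script src="/media/jui/js/jquery.min.js"></script>
</body></html>"""

if __name__ == "__main__":
    for src in cloaked_sources(FRESH_VISIT, RETURN_VISIT):
        print("served only to first-time visitors:", src)
```

A site owner would run the two fetches from an address the site has never seen, since darkleech-style modules also suppress the injection for known administrator addresses.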
SCMagazine.com was unable to get in touch with Maisto for comment.