Malwarebytes Labs published an article regarding malware posing as Spectre / Meltdown patches. At the beginning of the year, Google announced three vulnerabilities in the design of most modern-day microprocessors, commonly referred to as Spectre and Meltdown. Always looking for an angle to infect the unwary, cybercriminals have taken advantage of the major processor vendors telling their customers to download and install patches by supplying malicious "patches" of their own. German authorities discovered a site listed as "German Federal Office for Information Security" that is currently engaging in a phishing campaign to infect visitors. The site does contain information regarding the Spectre / Meltdown vulnerabilities, but it also offers a "patch" for download. The "patch" is called Intel-AMD-SecurityPatch-11-01bsi.zip and actually contains the executable for Smoke Loader, a malware package used to download additional malicious payloads, stored under the name "Intel-AMD-SecurityPatch-10-1-v1.exe". Once the victim has executed this fake patch, it begins contacting its command and control server for further instructions.
Malwarebytes quickly contacted Comodo and Cloudflare to inform them of this threat. Cloudflare took the site down within minutes to prevent further infections of the unwary. Malwarebytes also noted that the "Subject Alternative Name" field within the suspicious site's SSL certificate listed other domain names that have previously been linked to fake Adobe Flash Player updates.
Indicators of Compromise: