Evilgrade Exploit Toolkit infecting computers that update software online.
We can all agree that software updates are essential for keeping our computer safe and running to the best of its abilities right? What if the software update service was insecure to begin with, where do you go from there?
A malware kit called Evilgrade is currently attacking software update services rendering the update unsafe. According the ZDNet blog, the infection of the systems happen through a man-in-the-middle (DNS, DHCP and ARP spoofing) type of attack where it infects systems through the update process. This allows the attack to happen to a wide range of applications. Below is a list of product updates that may have been attacked.
- DAP [Download Accelerator]
- iTunes
- Java plugin
- Linkedin Toolbar
- MacOS
- notepad++
- OpenOffices
- speedbit
- Winamp
- Winzip
How would this happen to me?
If you ever use public Wi-Fi access and the DNS cache has been compromised and you choose to update your software then you risk becoming infected. From the reports that we have researched, this is only happening to the software update services listed above. Some reports have stated that Apple has updated their update service to ward off this type of attack. Other companies remain off of this list such as Microsoft due to them anticipating attacks such as these and allowing their updater to install binaries signed by Microsoft which proves to be a safer method for updating software.