14 DAY TRIAL // Cybercriminals have compromised at least 10 websites, including 5 belonging to US media organizations. The hijacked sites are utilized to distribute the ZeroAccess Trojan and Fake AV malware.
The media sites impacted by this campaign are the ones of Real Clear Policy, Real Clear Science, The Christian Post, Federal News Radio, and WTOP Radio.
When users visit these sites, they’re redirected to a malicious domain that’s set up to serve the malicious elements, Zscaler experts have found.
However, not all visitors can become infected. The malicious code injected into the compromised websites only performs the redirect if the victim uses Internet Explorer.
It’s uncertain if the recently uncovered Internet Explorer zero-day is used in this campaign.
On Monday, when the sites were last checked by Zscaler experts, they still hosted the malicious code.