Victims' computers were infected with information-stealing malware

Jan 14, 2014 21:31 GMT  ·  By

Security researchers from Symantec have identified an attack that’s designed to distribute malware by taking users to a website hosting the Gongda exploit kit. 

Cybercriminals have compromised the website of a major Japanese company that specializes in book publishing and the distribution of magazines, comics, books, games and movies. The company has not been named.

However, experts say that a malicious iframe has been injected into its website to lead visitors to a site that’s set up to host the exploit kit. The iframe in question has been identified on at least three pages, including the homepage.

The site started redirecting visitors to the malicious resource on the night of January 5. The issue was addressed around three days later.

The Gongda exploit kit used in the attack had been designed to exploit three Java, one XML Core Services and one Adobe Flash Player vulnerabilities in order to serve malware.

The malware in this case was Infostealer.Torpplar, a threat designed to steal information from Japanese users who visit certain banking, shopping, email, gaming, or credit card sites.