14 DAY TRIAL // Internet users who have visited the website of the French Budget Minister's Performance Forum (performance-publique.budget.gouv.fr) may have fallen victim to a clever cybercriminal plot. Experts found that the site was taken over and altered to host a malicious JavaScript.
Zscaler researchers state that they couldn’t retrieve the content that was served to users, but the script created an iframe that pointed to rr.nu, a domain that has been used on previous occasions in Fake AV campaigns and even ones connected to the now-infamous Flashback Mac Trojan.
The JavaScript placed on the French government site was obfuscated to avoid being flagged as malicious.
Currently, the site is offline, which may indicate that its administrators are working on cleaning it up, but during the time the malicious code was active, a large number of users might have fallen victim.
Security professionals reveal that in the past period, numerous government sites have been hijacked, including ones from Australia, US, Philippines, Columbia and Malaysia.