TransUnion a company similar to Equifax is also redirecting it’s users to Fake Website

As News reported late Wednesday night, a division of Equifax’s website was redirecting guests to a page that was passing fraudulent Adobe Flash updates. When clicked, the files affected visitors’ machines with adware that was recognized by only three of 65 antivirus providers. On Thursday afternoon, Equifax executives said the mishap was the result of a third-party service Equifax was using to get website-performance data and that the “vendor’s code working on an Equifax website was accepting malicious content.” Equifax originally shut down the affected portion of its site, but the organization has since restored it after eliminating the malicious content.

Now, Malwarebytes security researcher Jérôme Segura says he was capable to repeatedly generate a similar chain of fraudulent redirects when he showed his browser to the  site. On some events, the final link in the chain would push a fake Flash update. In other examples, it delivered an exploit kit that decided to infect computers with unpatched browsers or browser plugins. The attack series remained active at the time this post was going live.

“TransUnion is aware that our Central America website was briefly redirecting users to download malicious software. The issue has happened to be fixed and we are browsing our other websites. TransUnion has not known any unauthorized access to its systems as a result of this issue.”

The general thread tying the affected Equifax and TransUnion pages is that both entertained , a JavaScript file that appears to request the service serving the malicious content. When called,  pulls content from a long chain of pages, beginning with those hosted by , , and . Depending on the visitors’ IP address, browsers ultimately wind up attending pages that deliver a fake survey, a fake Flash update, or an exploit kit.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients