Crooks inject malicious Java applet into FOREX trading website

VXers wouldn't give a XXXX for anything else


A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers.

The targeted website is a popular FOREX (foreign exchange market) website called "Trading Forex" (tradingforex.com). The website remains contaminated as of Thursday lunchtime according to Websense, the web security firm that detected the attack.

The Java applet planted on the website attempts to install a malicious executable written in Visual Basic.Net and requires the Microsoft's .NET framework to be successfully installed and running on a victim's computer. This is an unusual approach.

Hackers intent on distributing malware through compromised websites often use pre-packaged tools, available through underground forums, most notably the widely used Blackhole Exploit kit.

Elad Sharf, senior security researcher at Websense, said it is unclear why the FOREX VXers have taken a different line of attack, although he has a few theories.

"We can only speculate why. One of the likely reasons is that the ‘Blackhole exploit kit’ costs money either to rent or to buy," Sharf told El Reg. "On the other hand, the attack vector that was used on that website can be created with tools that are available for free.

"It’s important to note that there was no exploit involved in this attack but rather a social engineering trick that requires the victim’s involvement - if successful it will allow a backdoor Trojan to run on the victim’s machine," he added.

Carl Leonard, senior security research manager EMEA at Websense, added. "This injection could deposit malware to the users of this site, possibly opening them up to data stealing. We're also seeing typosquatting being used here, perhaps ready for a future attack." ®

Similar topics

Broader topics


Other stories you might like

  • EU-US Trade and Technology Council meets to coordinate on supply chains
    Agenda includes warning system for disruptions, and avoiding 'subsidy race' for chip investments

    The EU-US Trade and Technology Council (TTC) is meeting in Paris today to discuss coordinated approaches to global supply chain issues.

    This is only the second meeting of the TTC, the agenda for which was prepared in February. That highlighted a number of priorities, including securing supply chains, technological cooperation, the coordination of measures to combat distorting practices, and approaches to the decarbonization of trade.

    According to a White House pre-briefing for US reporters, the EU and US are set to announce joint approaches on technical discussions to international standard-setting bodies, an early warning system to better predict and address potential semiconductor supply chain disruptions, and a transatlantic approach to semiconductor investments aimed at ensuring security of supply.

    Continue reading
  • US cops kick back against facial recognition bans
    Plus: DeepMind launches new generalist AI system, and Apple boffin quits over return-to-work policy

    In brief Facial recognition bans passed by US cities are being overturned as law enforcement and lobbyist groups pressure local governments to tackle rising crime rates.

    In July, the state of Virginia will scrap its ban on the controversial technology after less than a year. California and New Orleans may follow suit, Reuters first reported. Vermont adjusted its bill to allow police to use facial recognition software in child sex abuse investigations.

    Elsewhere, efforts are under way in New York, Colorado, and Indiana to prevent bills banning facial recognition from passing. It's not clear if some existing vetoes set to expire, like the one in California, will be renewed. Around two dozen US state or local governments passed laws prohibiting facial recognition from 2019 to 2021. Police, however, believe the tool is useful in identifying suspects and can help solve cases especially in places where crime rates have risen.

    Continue reading
  • RISC-V needs more than an open architecture to compete
    Arm shows us that even total domination doesn't always make stupid levels of money

    Opinion Interviews with chip company CEOs are invariably enlightening. On top of the usual market-related subjects of success and failure, revenues and competition, plans and pitfalls, the highly paid victim knows that there's a large audience of unusually competent critics eager for technical details. That's you.

    Take The Register's latest interview with RISC-V International CEO Calista Redmond. It moved smartly through the gears on Intel's recent Platinum Membership of the open ISA consortium ("they're not too worried about their x86 business"), the interest from autocratic regimes (roughly "there are no rules, if some come up we'll stick by them"), and what RISC-V's 2022 will look like. Laptops. Thousand-core AI chips. Google hyperscalers. Edge. The plan seems to be to do in five years what took Arm 20.

    RISC-V may not be an existential risk to Intel, but Arm had better watch it.

    Continue reading

Biting the hand that feeds IT © 1998–2022