Another consumer brand falls victim to ‘old version syndrome’, serving malware to its customers; so why aren’t lessons being learned?
Attacks that serve up malware to a website’s visitors, such as the one originating from the Just for Men website (a brand of hair products for men), are pretty commonplace. Indeed, researchers at Malwarebytes were alerted to the drive-by download by their automated detection systems.
In this case, the attack chain started with the Just for Men site suffering from an injection of obfuscated code belonging to the EITest campaign. In turn, this redirected to the RIG exploit kit and ultimately delivered a password-stealing Trojan payload if you followed it through to the malicious conclusion.
Nothing unusual there, you may think; and you’d be right, and that’s the problem.