Equifax’ website served fraudulent Adobe Flash updates before being taken down

Equifax' credit report assistance page had to be taken down after it was revealed that hackers had flooded it with fraudulent Adobe Flash updates on Wednesday.

Equifax said it has taken the page offline and its IT and Security teams are looking into the case of fraudulent Adobe Flash updates.

Earlier this month, credit rating agency Equifax revealed that a data breach it suffered affected as many as 693,665 customers in the UK, with hackers accessing their email addresses, passwords, driving license numbers, and phone numbers. The agency also confirmed that hackers also got their hands on a file that contained records for as many as 15.2 million Britons dating between 2011 and 2016.

Having suffered a major data breach that forced its CEO, CIO, and CSO to step down and left the agency's reputation in tatters, one would believe that Equifax would be the last firm in the world to be hacked again and suffer a repeat embarrassment.

However, as Ars Technica reports, this is exactly what happened. A security researcher, as well as a number of Equifax customers, told the media outlet that they had encountered fraudulent Adobe Flash updates when they visited Equifax' credit report assistance page on Wednesday and Thursday.

Randy Abrams, the researcher in question, encountered the Flash update notification on several occasions and upon further analysis, noted that the resulting download file, named MediaDownloaderIron.exe, was flagged for carrying adware by Panda, Symantec, and Webroot.

'This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering.

'Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com,' said Dan Goodin, Security Editor at Ars Technica.

Following the revelation, Equifax said that its IT and Security teams were looking into the matter and that it had taken down the credit assistance page temporarily out of an abundance of caution. However, the agency later confirmed that its systems were not compromised and that none of its customers were affected, even though it did admit that vendor codes on the credit assistance page were serving up malicious content to visitors.

"The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content.

"Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis," the agency said.