"Fake Alerts About Outdated Security Certificates Lead to Malware"

Researchers at Kaspersky Lab have discovered that cybercriminals are using fake alerts about outdated security certificates, complete with an "Install (Recommended)" button, to download malware onto a person's computer. The fake notification is delivered in an overlaid iframe that loads its content from a third-party source. The browser's address bar still shows the compromised site's URL while the fake alert is displayed, which helps make the warning seem legitimate. Cybercriminals are sending fake alerts about outdated security certificates because the Let's Encrypt certificate authority has started revoking millions of TLS/SSL certificates this week.
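For site owners, the delivery mechanism described above (an overlaid iframe pulling content from a third-party source) can be checked for in served HTML. The following is an added example, not code from Kaspersky or Help Net Security; the heuristic (cross-origin `src` plus inline `position` and `z-index`), the function names and the `.example` hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def parse_inline_style(style):
    """Turn 'a: b; c: d !important' into {'a': 'b', 'c': 'd'} (lower-cased)."""
    rules = {}
    for decl in (style or "").split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            rules[name.strip().lower()] = value.split("!")[0].strip().lower()
    return rules

class IframeAudit(HTMLParser):
    """Collect iframes that are both third-party and styled as an overlay."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        # Resolve relative and protocol-relative URLs against the page URL.
        src = urljoin(self.page_url, attr.get("src") or "")
        host = urlsplit(src).hostname
        style = parse_inline_style(attr.get("style"))
        third_party = host is not None and host != self.page_host
        # Assumed overlay heuristic: taken out of normal flow and stacked.
        overlaid = style.get("position") in ("fixed", "absolute") and "z-index" in style
        if third_party and overlaid:
            self.findings.append((src, style["position"], style["z-index"]))

def audit(page_url, html):
    """Return (src, position, z-index) for each suspicious iframe in html."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; all hosts use the reserved .example TLD.
SAMPLE = """<html><body>
<iframe src="/widgets/map.html" style="width:300px"></iframe>
<iframe src="https://video.example/embed/1" width="560"></iframe>
<iframe src="//cdn-alerts.example/cert.html"
  style="position: fixed; top:0; left:0; width:100%; height:100%; z-index: 99999"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit("https://shop.example/", SAMPLE))
```

This only sees iframes present in static HTML with inline styles; frames injected by script at runtime or styled through a stylesheet need a check against the rendered DOM instead.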

Help Net Security reports: "Fake Alerts About Outdated Security Certificates Lead to Malware"

 

Submitted by Anonymous on