Attackers compromise Gizmodo Brazil

Attacks on Gizmodo's Brazilian site and the website of an unnamed logistics firm hosted by the same ISP have prompted Trend Micro to investigate whether “a vulnerability was used in order to penetrate the web servers,” according to a company blog post.

Attackers modified Gizmodo's main page by adding a script that redirected users to a different compromised website hosted in Sweden.

The attackers gained control of the server by uploading a web shell. When victims open the compromised site, a malicious URL — with a fake (older version) Adobe Flash download page in Portuguese — is loaded. 

The file offered on that page is a backdoor, hosted on Google Drive, called BKDR_GRAFTOR.GHR. The logistics firm's website was similarly compromised. Gizmodo Brazil has since removed the compromised code from its servers, and Trend Micro has alerted Google to the malicious file on Google Drive.
