You guys are getting tired of EQUIFAX news? I sure as hell am but this keeps happening and happening. However, for the first time ever the company isn’t responsible of a major incident that tarnishes its name. This is more of a collective piece because this happened to companies besides EQUIFAX. Namely, it’s rival which is called TransUnion.
Let’s do a quick recap of the events that happened by the week. EQUIFAX’s site got compromised and it sent people to Adware downloading sites. Well, it just so happens that the same issue has happened to TransUnion as well. A security researcher from Anti-Virus provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, is also sending visitors to the fraudulent updates and other types of malicious pages.
Malwarebytes security researcher Jérôme Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the TransUnion site. In other words, the researcher would be sent to a fake “Flash Update”. In some other occasions, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins.
Since EQUIFAX took down the infected webpage, Malwarebytes was unable to determine which script was causing the problem. However, once the TransUnion incident popped up. The company rushed to action and found out that the common thread on the two websites is a script called “Fireclick.js”.
Fireclick is an analytics company, the name of the parent company might surprise a few gamers. It’s Digital River, the company that presented the Games as a Service report. It’s not known how long the plug-in has been affected. But the team at Malwarebytes suggests that users stay wary of the redirections caused by the plug-in.
If you want to know how this Malvertising plug-in works, I’d suggest you read the blog post made by the Malwarebytes Staff. Otherwise, we’ll have to wait until EQUIFAX and TransUnion deal with their issues on both of their websites.