Meltdown and Spectre fake patch warning: be careful what you download

As the scramble to patch the gaping Meltdown and Spectre security flaws continues, there are already real-world dangers pertaining to the vulnerabilities, with news of a fake patch emerging, as well as the likelihood that malicious users are coming close to weaponizing exploits.

As International Business Times spotted, security firm Malwarebytes recently discovered a fake Meltdown and Spectre patch which actually deposits the ‘Smoke Loader’ malware on the victim’s machine.

The good news – such as it is – is that at the moment, this is targeting users over in Germany, but there’s every chance of similar scams popping up in the UK, US and elsewhere. Indeed, they may be around now, and just not found yet.

The false patch is somewhat clever in that it tries to seem authentic by looking like it’s delivered by genuine German authorities. The website hosting the patch appears to belong to the German Federal Office for Information Security.

The fake patch is delivered as an EXE (Intel-AMD-SecurityPatch.exe) and when run it infects the host PC with the aforementioned malware, which is a piece of malicious software capable of retrieving further payloads to wreak havoc on the user’s machine.

Also note that the real German cybersecurity authorities have been warning about phishing emails which are using Spectre and Meltdown ‘fixes’ as bait.

As ever, when a major threat (or two) emerges and makes a big splash all over the headlines, you can expect nefarious types to try and take advantage one way or another.

Real-world risk

And speaking of another way, the further bad news, as Ars Technica reports, is that white hat security researchers who are looking into these vulnerabilities are coming closer to engineering a practical and usable exploit.

And if the good guys are getting close, there’s every chance that the bad guys out there are as well, which means that an actual real-world attack that leverages one of these bugs could be close at hand.

And that’s a particularly worrying prospect seeing as patching these problems is a highly complex matter, requiring not just firmware fixes for Intel’s processors, but operating system patches – and indeed covering up potential holes in related things like GPU drivers.

Further gremlins are being encountered, like Intel’s Meltdown patch causing instability with older processors, or Microsoft’s Windows patch provoking boot failures on PCs with older AMD CPUs.

With stumbling blocks getting in the way of a difficult process, and malware authors potentially on the cusp of working out a real-world exploit that can be aimed against Meltdown or Spectre, things look rather dicey indeed.

We can only hope that the fixes are deployed fully – and users are on the ball to patch quickly before a real-world attack is weaponized and starts spreading. On the other hand, don’t be so hasty to install a fix that you fall for a fake patch ruse.

For the full lowdown on defending against these bugs, check out our guide on how to protect against Meltdown and Spectre.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
