After the zero day exploit, people are rushing to get the newest patch updates for Java. Unfortunately, some of the users are falling victim to a malware that appears to be a genuine Java update. This malware has infected quite a few number of computers and caused serious damage. So, downloader, beware.
Trend Micro says that at first the malware directs the users to a malicious site that requests the users to install a new version of Java. The hit seems quite subtle and the website, as displayed, relates to the protection from cyber attacks and crime affairs, thus urging to download the Java update provided.
But the website is not that obvious. There’s a way to detect this fake update. The site that requests to download the update has misspelled the word “requires” by writing it “require”. The message: “A newer version of Java is require”
Although the malware doesn’t capitalize on the zero day exploit issue, but it does allow the invader to take over the infected systems. Instead of downloading a Java update, 2 files are downloaded that helps to connect the infected systems to remote servers and gradually gain control over the victim’s screen.
Trend Micro suggests users to be careful and go for original Java updates from Oracle. And those who don’t use Java quite often should just disable Java temporarily or switch to any other software.