Equifax, which recently had a security breach now has another.
In May, Equifax lost customer’s SSN, names and loads of other personal information to a security breach. Getting much scrutiny, they worked on getting the issue under control and had stated that it was solved. However it appears they were wrong.
A malware researcher ran across a bogus Adobe Flash update while going through the Equifax website. This occurred Wednesday and Thursday for several hours. If clicked on, a visitors computer would become infected with adware. This adware is only detected by 3 of 65 antivirus providers.
Generally for malware like this, it only shows up once for each visitor and not even all visitors, more so a cluster at a time to prevent widespread detection. However the adware on the Equifax site was persistent in comparison to most other adware’s. You could run across the bogus flash update on multiple occasions increasing the risk of of it being clicked on and taken seriously. If clicked you will begin downloading ‘MediadownloadIron.exe’.
It’s suspected that the issue is stemming from a third-party that Equifax has been working with, which could mean the fault isn’t on Equifax’s end but the third-parties end. This could also pose a problem for other websites, so it’s important to keep an open eye.