Reader’s Digest is currently suffering from an active hacking campaign that is causing the site to infect visitors with malware. The site’s administrators were warned of the activity by Malwarebytes several days ago, but it looks like no action has been taken to remedy the situation.
The cyberattack on Reader’s Digest is not particularly noteworthy for the methods used. Security researchers note that it was done using Angler, a “commercially” available exploit kit commonly used by cybercriminals who lack the ability to engineer their own exploits. The malware gains access through outdated software like Adobe Flash or Internet Explorer – which are likely in use by people who still read Reader’s Digest – and takes over the computer.
Malwarebytes informed Reader’s Digest of the situation last Thursday, but did not receive any response from the site administrator. Ars Technica investigated the situation earlier today and found that the site is still infecting unsuspecting computers. This means that Reader’s Digest is well aware of the problem, but has either not done anything about it or failed to fix the problem.
It might be redundant to tell our readers to avoid the site, since chances are you are all still surprised that Reader’s Digest has an online site. However, it is rare for websites to keep operating for this long while knowingly distributing malware, so just steer clear of this one for the time being.