While the Heartbleed security bug affected thousands of web services worldwide and exposed millions of passwords online, the hype around the bug has subsided over the last couple of weeks. It is still not known how many people have actually heeded the warnings and changed their passwords. However, most major online services have rectified the problem from their server end.
OpenSSL technology was compromised as a result of Heartbleed, and any service provider that was using this technology has either shifted from the same or upgraded to another platform. In fact, major technology companies like Google, Microsoft, Facebook and others have significantly contributed in monetary terms, towards the improvement of this platform since then.
Nonetheless, there are several scammers and nefarious parties that are taking advantage of the panic and the false news stories that accompany security threats of this scale. This is something we had thought would happen, and the HelloBridge Trojan seems to be one of many such threats that are aiming to take advantage of the situation.
What is HelloBridge and how does it work?
HelloBridge is the tip of the iceberg of a new attack campaign that fools people into downloading an innocent looking program. The bait that is offered here is a fake Heartbleed vulnerability detection tool that people are lured into installing. Showing a user a prominent and panic-inducing message is not a hard task, so it becomes simple to get someone to download this Trojan.
A simple message like “Check if your PC is infected by Heartbleed” will be more than enough to trick several people into clicking on this link and installing a fake program that deploys malware into the user’s system. So far, this threat seems to be originating from Southeast Asia, but we expect that other similar threats may also arise soon enough.
Once installed on a system, HelloBridge opens a backdoor that allows other malicious files to enter. It constantly exchanges data back and forth with a remote command and control server, and also leaks confidential data from the system. Needless to say, once this Trojan has entered a system, several other issues start cropping up.
Tips to remember to avoid such Trojans
While we cannot prevent each and every person who clicks on such a link, we can offer the following tips to keep in mind about Heartbleed and such fake programs.
- Never click on suspicious looking popup ads and messages like this.
- Always download programs from trusted sources.
- Stay aware about security threats like Heartbleed. It does not affect individual PCs so there is no chance that your system will need a tool to detect its vulnerability and remove it.
- Change your passwords if you are using any of these web services.
- Always have an effective, reputable and updated antivirus suite installed on your PC.
With the right information and awareness, Trojans like HelloBridge can be avoided and rendered useless. We strongly advise all our readers to stay abreast with the latest developments in the IT and security world, especially when such far-reaching security outbreaks occur. In cases like this, prevention is always better than cure.