The official website of the American toy and board game company Hasbro (Hasbro.com) has been compromised by cybercriminals and abused to distribute malware onto visitors’ computers.
According to researchers from Barracuda Labs, the website was found to push malicious software on numerous occasions, including on January 10, 11, 14 and 20.
Visitors of the site are taken, via multiple redirects, to a site that serves several Java exploits. If the exploits are successful – meaning that a Java vulnerability is present on the targeted device – a piece of malware is installed.
Unfortunately, not many antivirus engines are capable of detecting the threat. Barracuda has published an archive containing packet capture (PCAP) files related to the attack, so hopefully most antiviruses will start detecting the malware soon.
In the meantime, users are advised to avoid visiting the Hasbro website. If you have accessed the site over the past weeks, regularly scan your computer with an updated antivirus solution.