The official website of the government of Arcadia (arcadia-fl.gov), a city in Florida, has been breached and set up to push a pop-up advertising a video player.
Researchers from Malwarebytes were the first to report the breach. Experts found that the site’s visitors were presented with a pop-up message that instructed them to install VIO Player via the Optimum Installer download manager. Such installers usually try to get (trick) users to install other pieces of software, such as web browser toolbars.
By the time Malwarebytes got to analyze the compromised website, the application served to users had already been removed. However, according to a VirusTotal analysis from around two weeks ago (7/51 detection rate), the file appears to hide a Trojan or possibly a piece of ransomware.
Malwarebytes products detect the threat as Trojan.Agent.ZT.
The administrators of the Arcadia website quickly removed the pop-up from the website after being notified by experts. However, the incident shows that there are a lot of vulnerable government websites, even in the United States.
The problem with government websites is that many users tend to trust them. So if cybercriminals use these sites as a medium to distribute their shady or malicious programs, a lot of people might take the bait.