Equifax’s site hacked to redirect info-seeking visitors to adware

Here’s the last incredible-but-not-really Equifax security blunder: it appears that their Web site has been hacked, and made to redirect to site serving adware masquerading as an Adobe Flash update.

The discovery was made by security researcher Randy Abrams, who was trying to find his credit report on the Equifax website and triggered the redirection by clicking on a link (as demonstrated in this video):

According to the information he shared with Ars Technica, the fake Flash update conceals a file named MediaDownloaderIron.exe, which, according to VirusTotal, is detected as adware by only three AV solutions. For the moment, only Malwarebytes flags the URL of the site serving the adware as malicious.

Abrams encountered this malicious redirect on Wednesday evening, but multiple sources have since confirmed that it is no longer happening.

There has been no comment from Equifax on this latest incident, and it is unknown whether the redirect code has been scrubbed by them or by the hackers who put it there in the first place.

In any case, the fact that their Web site has no information on how to report security issues issues on it is another (unsurprising) weakness.

UPDATE (October 23, 2017): An investigation into the issue revealed that the malicious redirect was powered by a script from an analytics provider used by Equifax.