Jamie Oliver Serves Up a Heaping Plate of Malware

Jamie Oliver is cookin’ up something decidedly unappetizing: malware.

The website for the UK celebrity chef has been compromised for the third time this year. Foodies who visited any page on the site on May 9 were likely infected with password-stealing malware, according to Malwarebytes Labs. Because this was a drive-by infection chain, no user interaction was needed to become infected.

Attackers used the same means in February and March: browsing any page triggers a malicious redirection to the Fiesta exploit kit. After the kit uses various exploits to compromise a victim, the subsequently served malware makes off with potentially thousands of personal log-ins stored in the victims' browsers, from online banking to shopping sites to email and more.

The code is almost identical to what was used to compromise SubTorrents recently.

“Of course, the minute a password is stolen, it can be used by the attackers themselves, or sold on the black market,” said Malwarebytes Labs senior security researcher Jerome Segura, in a blog. “And this financially-devastating infection doesn’t stop until the malware is quarantined or removed from your machine.”

The newest attack had a fresh aspect, however: it went a step further in its efforts to avoid detection.

The malware embedded itself into the Windows registry, which is a database containing important information about the hardware and programs that users have installed. It also used garbled language, likely as a means to make its file unreadable, and thus undetectable, by anti-virus products.

Segura noted that the recurrence of the issue on the site boils down to the fact that website malware is a different beast than Windows-based malware. The problem is that webmasters will often get rid of only the obvious signs and symptoms, which in this case would be the malicious injection. But that is not what caused the issue in the first place.

The team in charge of Jamie Oliver’s website has acknowledged the issue and is taking steps to remediate this problem once and for all, it said.
