Beware! Fake Meltdown & Spectre Patches pushing ‘Smoke Loader’ Malware to PCs

After the discovery of the Meltdown and Spectre security vulnerabilities, which affect nearly all modern processors manufactured in the past 10 years and therefore nearly all computing devices and operating systems, many companies started releasing patches to mitigate them.


Taking advantage of this, cybercriminals have started phishing scams that offer fake patches for Meltdown and Spectre. One such scam, discovered recently by Malwarebytes, targeted German users: an SSL-enabled registered domain offered information about these vulnerabilities and linked out to other resources.


While the website's content appears to come from the German Federal Office for Information Security (BSI), the site is not affiliated with any government entity. It also provided a link to a ZIP archive (Intel-AMD-security patch-11-01bsi.zip) containing a supposed patch, Intel-AMD-security patch-10-1-v1.exe, which is malware.

Unfortunately, if users download these files, their PCs are infected with the Smoke Loader malware, which can download further payloads by connecting to various domains and sending encrypted files.
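As an added example (not from the article or from Malwarebytes), the following Python check flags the lure described above when run over web-proxy logs: it matches the two file names reported in the article and, more generally, any patch-named ZIP/EXE/MSI fetched from a host outside a vendor allowlist. The log format, the host allowlist and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlparse, unquote

# File names of the lure reported in the article (ZIP and the executable inside it).
KNOWN_LURE_NAMES = {
    "Intel-AMD-security patch-11-01bsi.zip",
    "Intel-AMD-security patch-10-1-v1.exe",
}

# Assumed allowlist of hosts a genuine Meltdown/Spectre patch would come from;
# adjust to your environment.
VENDOR_HOSTS = {"www.intel.com", "www.amd.com", "www.microsoft.com", "www.bsi.bund.de"}

PATCH_WORDS = re.compile(r"patch|security|spectre|meltdown", re.IGNORECASE)
ARCHIVE_OR_EXE = re.compile(r"\.(zip|exe|msi)$", re.IGNORECASE)

# Constructed proxy-log format: "<timestamp> <client_ip> GET <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) GET (\S+) (\d{3})$")

def flag_download(line):
    """Return a finding dict for a suspicious download, or None for a benign line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    _ts, client, url, _status = m.groups()
    parsed = urlparse(url)
    host = parsed.hostname or ""
    fname = unquote(parsed.path.rsplit("/", 1)[-1])  # %20 -> space, as in the lure name
    if fname in KNOWN_LURE_NAMES:
        return {"client": client, "host": host, "file": fname, "reason": "known lure filename"}
    if ARCHIVE_OR_EXE.search(fname) and PATCH_WORDS.search(fname) and host not in VENDOR_HOSTS:
        return {"client": client, "host": host, "file": fname,
                "reason": "patch-named binary from non-vendor host"}
    return None

def scan(lines):
    """Run flag_download over every log line and keep only the findings."""
    return [f for f in (flag_download(l) for l in lines) if f]

# Constructed sample log: one vendor PDF, the reported lure, a look-alike from
# an unknown mirror, a vendor MSI, and an unrelated ZIP.
SAMPLE_LOG = """\
2018-01-12T10:01:02Z 10.0.0.5 GET https://www.intel.com/content/spectre-meltdown-notes.pdf 200
2018-01-12T10:03:15Z 10.0.0.5 GET https://example-lure.invalid/Intel-AMD-security%20patch-11-01bsi.zip 200
2018-01-12T10:04:40Z 10.0.0.9 GET https://mirror.example.invalid/downloads/Spectre-Meltdown-fix.exe 200
2018-01-12T10:05:00Z 10.0.0.9 GET https://www.microsoft.com/download/windows-security-patch.msi 200
2018-01-12T10:06:00Z 10.0.0.7 GET https://cdn.example.invalid/holiday-photos.zip 200
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```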

Malwarebytes immediately reported this abuse to Comodo and CloudFlare, who quickly resolved it. Users are therefore advised to download software only from legitimate vendors, because online criminals always look to take advantage of publicized events and exploit them. Note also that a site using HTTPS is not necessarily trustworthy: an SSL certificate only implies secure communication between the website and the browser and says nothing about the content offered.
