Hackers injected malicious code into more than 250 major news sites

If you’re online, you’re a target for hackers. Nobody is truly safe, but carelessness and lack of awareness make you more vulnerable to malware, hacks and scams.

Browsing websites and downloading files are part of the online experience, but you must be careful. How do you know what’s safe? Tap or click here for an online tool that checks websites and files for digital threats before opening them.

No newspaper can keep up with the minute-to-minute delivery of news sites. Millions of people visit these sites daily, making them a prime target for hackers. And that’s what’s happening now. Read on for details and what to watch out for.

Be careful where you get your news

Cybersecurity researchers at Proofpoint announced via Twitter that threat actors compromised a media company that serves video content and ads to hundreds of major news outlets.

The hackers behind this attack, which Proofpoint calls TA569, injected malicious code in a Javascript file loaded by the news outlets’ websites. More than 250 regional and national newspaper sites have accessed the malicious Javascript, which has been around since 2018 and is known as SocGholish.

The impacted media organizations serve the following areas, among others:

• Boston.
• New York.
• Chicago.
• Miami.
• Washington, DC.
• Cincinnati.
• Palm Beach.

Visitors to the compromised sites are presented with software updates for Chrome, Firefox, Internet Explorer, Edge or Opera. Downloading the fake updates can infect your computer with malware and ransomware or redirect you to malicious websites.

RELATED: Check your phone! Malware apps with millions of downloads spotted

How to stay safe

If you see a pop-up prompting you to download anything, ignore it. If you want to update a device or program, do it directly through the app or website.

Here are some more tips to avoid falling victim to scams:

• Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
• Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
• Always be updating — Keep your devices and apps updated with the latest software to protect against security threats. But make sure you’re getting the updates through official sources. Not random pop-up notifications from news websites.
• Sense of urgency — Here’s a red flag: Any message that tells you to “act now!” or makes you feel rushed and anxious. That’s exactly what the scammers want you to feel.
• Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware and/or steal sensitive information.
• Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Antivirus warning: What to do if you see this warning from McAfee

Here’s what it looks like when a virus takes over your computer