A copy of the fake installer incident that occurred even when downloaded from the official website
- niwanaga
- 13 hours ago
- 4 min read
Hello. I'm Ai, and I'm in charge of marketing at PIPELINE Co., Ltd.
Recently, the popular text editor EmEditor It has been reported that the official website of the company has been defaced.
Similar fake installers and tampered distribution files are a threat to users and businesses.
The key point of this case is that even if users believe they are following the correct procedures, they could still be harmed .
In this article, we will summarize the key points of the issue and provide practical countermeasures that can be implemented immediately.
■ Why caution is needed
Software distributed over the Internet is
Download from a legitimate site
Unofficial mirror sites and advertisements in search results
Defaced file distribution page
There are several entrances .
When a fake installer is distributed from a page that appears to be the official website, as in this case,
There is a risk that the user may execute the command without realizing it.
Fake installers can pose several risks when run:
Malware infection
Unwanted application installation
Collection and leakage of personal information
System tampering
■ 3 steps to respond immediately
① Check the download source and the "true identity of the file" together
First, check the following at the time of download:
Is the domain name displayed in the browser address bar official?
Is the lock icon (HTTPS) displayed?
*Fake sites may use URLs that look very similar. Be sure to check the order of the characters and the end of the domain.
In addition, you should also . The easiest way to do this is to check the digital signature .
Right-click on the downloaded file
Open "Properties"
Select the Digital Signature tab
Check if the "Signer Name" is a legitimate source
Just by checking this, it will be easier to identify cases where you thought you had obtained the file from the official website, but it was actually a different file.
If you are familiar with how to check SHA-256 hashes , it is also effective to compare them with the officially published values.
② Always scan with security software
Before downloading or installing,
Scan the file with antivirus software
Do not run until the scan results indicate it is safe
It is important not to skip this step.
This extra step is often skipped in situations where you think, "It's official, so it's okay," but it is the final step that prevents damage .
3. Be suspicious of pages and links that appear to be official streams
Advertisements displayed in search results and distribution pages known as "mirror sites" often have the appearance of almost identical legitimate software, using the same name as the official version. For this reason, it is important to make it a habit to obtain software from legitimate links on official websites rather than downloading directly from search results.
In conclusion
Incidents like this one did not occur because of "suspicious operations," but rather as an extension of "normal operations" that anyone would do.
That is why companies that operate websites must always be careful not to become perpetrators .
■ Actions that companies and organizations should take
Up until now, we have looked at points that users should be aware of . From here, we will change perspective and introduce points that companies and organizations that operate and publish their own websites should check.
The following measures are effective in checking whether your site is safe:
Is it an official HTTPS site? Check the lock icon and certificate details
Is the source of the information officially notified? Check that it matches the email and official announcement.
Refer to the standard threat information distribution service that compares with warnings from IPA/JPCERT, etc. Information-technology Promotion Agency
...It is necessary to create an environment where the above checks can be monitored daily.
■ Safety comes from "accumulating confirmations"
A characteristic of the distribution of fake installers like this one is that at first glance they look no different from the genuine ones, and the damage can become greater without the operators even realizing it, so it is important to make it a habit to check for safety .
PIPELINE Inc. can provide a website monitoring service ( RiskSensor ) that helps avoid brand damage incidents that could threaten your business.
Even if you don't have the resources to set up an internal monitoring system, you can immediately monitor the current situation from an external perspective with just one domain, and our group of cybersecurity experts will protect your company from the perspective of external hackers.
Why not start maintaining your company's brand easily and quickly?
✦ Conclusion
Thank you for reading this far.
We at PIPELINE Inc. are a group of experts specializing in cybersecurity and threat intelligence.
Every day, we face threats on-site together with our customers.
"Even if we have a specialized team in-house, we don't have enough resources ." " I don't know where to start. " "I want to prepare realistically, assuming that an attack will occur."
Regardless of the size of a company, the current situation is that weak areas of defense are likely to be targeted.
Furthermore, by keeping things to yourself within the company, it is inevitable that things will be overlooked.
That's why we don't focus on idealism, but instead focus on methods that are useful in the field, proposing ways to start small and easily. Even "one small step within your capabilities" can make a big difference in safety.
If you have any concerns, please feel free to contact us. We will work together to find the best way to strengthen your security in the shortest possible time.
