MercadoLibre, the leading auction site in Latin America, was recently used to spread malware. Cybercriminals were able to inject a malicious script into the page, which prompted users to download and run a fake Adobe Flash Player installer.
The supposed installer, however, is actually a malicious file detected as TSPY_DABVEGI.E. Running this file would cause the malicious file’s routines to be seen on the affected system.
This incident highlights how even “clean” and well-run websites can be used by cybercriminals to spread malware. The security team of MercadoLibre has removed the malicious code that had been injected into the pages. Hat tip to Juan Castro of Trend Micro LAR for initially bringing this threat to light.