Celebrity Chef Jamie Oliver’s Website Hacked, Users Redirected to Exploit Kit
The official site of British chef Jamie Oliver was taken over by hackers and abused to redirect visitors to an exploit kit, possibly infecting hundreds of thousands.
Jamie Oliver is an English celebrity chef, restaurateur, cookbook author, and TV personality who operates his own food-focused television show which is widely popular among chefs and foodies around the world. Publishing several cookbooks, Oliver has also been working on a global campaign for better food education.
Unlike most web-based exploits, cybercriminals targeted chef Jamie Oliver’s website directly, injecting malicious JavaScript that redirected visitors to another hacked and malware-laced site, antkai[dot]com. Visitors were then redirected to a landing page that hosted the exploit kit, Malwarebytes reported.
The site to which cybercriminals redirected Oliver’s visitors was a legitimate WordPress site that had been compromised to perform redirects to the exploit kit. Visiting the same page twice did not direct visitors to the exploit kit twice, due to its filtering setup. The malware also focused heavily on filtering out VPNs, requiring users to have a residential IP address to be redirected.
The exploit kit, which Malwarebytes did not directly identify but said appeared Fiesta-esque, launched at least three exploits (Flash (CVE-2015-0311), Silverlight (CVE-2013-0074) and Java), which the firm accurately blocked. Malwarebytes said the kit appeared to be Fiesta EK, but the piece of JavaScript injected into the page was not obfuscated, which steered the firm away from a definite Fiesta identification.
To make matters worse, when the initial site had been hacked and was redirecting to the exploit kit, only two of the 57 commercial antivirus products picked up the malware. At the time of writing this article, VirusTotal reports that 27 of the 57 now recognize the malware dropper.
Another notable issue with the malware is that it hijacks and redirects search traffic, causing unwanted redirections and misleading users into installing phony software on their systems, wreaking more havoc.
If you recently visited chef Jamie Oliver’s website searching for a recipe or similar, your machine may be infected with the malware dropper. The list of victims could be especially large, seeing as Jamie Oliver’s website gathers over 10 million hits per month.
Jamie Oliver’s web team responded to the issue promptly, telling Business Insider that the site was once again safe to visit. Oliver’s spokesperson said:
“The team at jamieoliver.com found a low level malware problem and dealt with it quickly. The site is now safe to use. We have had only a handful of comments from users over the last couple of days, and no-one has reported any serious issues. We apologise to anyone who was at all worried after going on the site. The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third party and they quickly deal with anything that is found. The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site.”