Google has warned customers of a suspected state-backed attack after observing a web traffic hijacking campaign.
As explained in a Monday post by Google Threat Intelligence Group senior security engineer Patrick Whitsell, the company’s infosec sleuths “discovered evidence of a captive portal hijack being used to deliver malware disguised as an Adobe Plugin update to targeted entities.”
Captive portals are login pages – like the sort of thing you see when connecting to public Wi-Fi, or some corporate networks. Google found attackers compromised edge devices on the target networks and used those machines to poison captive portals so they redirect to a fake page that advises users to download necessary security updates.
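One way a defender could look for the redirect described above in web proxy logs, as an added example that is not code from Google's post: it flags connectivity-check requests that are redirected to a host outside the network's own portal allowlist, then flags installer downloads by the same client shortly afterwards. The probe hostnames, the allowlist, the ten-minute window, the log layout and the log records themselves are assumptions or constructed sample data, not details from the article.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Well-known OS/browser connectivity-check hosts (assumption, not from the article).
PROBE_HOSTS = {"connectivitycheck.gstatic.com", "www.msftconnecttest.com", "captive.apple.com"}
# Hypothetical allowlist: the only host this network's genuine captive portal uses.
PORTAL_ALLOWLIST = {"portal.corp.example"}
INSTALLER_EXT = (".msi", ".exe")
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed proxy log: (time, client, method, url, status, Location header)
SAMPLE_LOG = [
    ("2025-01-01T09:00:00", "10.0.0.5", "GET",
     "http://connectivitycheck.gstatic.com/generate_204", 302, "https://portal.corp.example/login"),
    ("2025-01-01T09:01:00", "10.0.0.7", "GET",
     "http://www.msftconnecttest.com/connecttest.txt", 302, "https://updates.invalid/plugin"),
    ("2025-01-01T09:02:30", "10.0.0.7", "GET", "https://updates.invalid/plugin/update.exe", 200, ""),
    ("2025-01-01T09:03:00", "10.0.0.5", "GET", "https://vendor.example/tool.msi", 200, ""),
]

def find_portal_hijacks(log):
    """Alert on probes redirected off-allowlist and on installer fetches that follow."""
    pending = {}  # client -> (redirect host, time of the unexpected redirect)
    alerts = []
    for ts, client, _method, url, status, location in sorted(log):
        when = datetime.fromisoformat(ts)
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in PROBE_HOSTS and 300 <= status < 400 and location:
            target = (urlparse(location).hostname or "").lower()
            if target not in PORTAL_ALLOWLIST:
                pending[client] = (target, when)
                alerts.append({"client": client, "kind": "unexpected_portal_redirect", "host": target})
            continue
        seen = pending.get(client)
        # Any installer fetched soon after a suspicious redirect is worth triage,
        # whichever host serves it.
        if seen and when - seen[1] <= WINDOW and parsed.path.lower().endswith(INSTALLER_EXT):
            alerts.append({"client": client, "kind": "installer_after_redirect", "host": host})
    return alerts

if __name__ == "__main__":
    for alert in find_portal_hijacks(SAMPLE_LOG):
        print(alert)
```

The client that reached the allowlisted portal produces no alert, even though it later downloads an installer, because the second rule only fires after an unexpected redirect.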
The updates are, in fact, malware that first retrieves an MSI package,