Hasbro website keeps spreading malware says security firm

Graham Cluley

If you’re in the market for toys and games for your kids, you might want to avoid the Hasbro website.

That’s the warning that’s been issued by security researchers at Barracuda Labs who claim that the toy retailer’s website has been infected with malware *four* times this year already.

In a blog post, Barracuda analyst Paul Royal has shared details of how the Hasbro website has been pushing malware onto visiting computers.


Via a sequence of obfuscated JavaScript and redirects, visitors to the Hasbro website have been taken to malicious webpages hosting drive-by code which exploits vulnerabilities in Java to silently infect customers’ computers.

According to Barracuda, it saw the latest infection on Hasbro’s website on Monday January 20th, but it also found infections on January 14th, 11th, and 10th.

And, in Barracuda’s opinion, that means it’s not safe to visit the site until the company has confirmed that it has resolved the issue:

> Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is again safe.

Clearly there has been a serious problem with the security of the Hasbro website. One has to hope that they have finally got a handle on the problem, and shut down any security holes that have so far made it too easy for hackers to plant their malicious code.

And, don’t forget, this is yet another reminder that unless you *really* need it, you should probably disable Java in your web browser. If you don’t use Java, you can’t be caught out by a Java exploit.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
