Hasbro website keeps spreading malware says security firm

Graham cluley
Graham Cluley
@
@[email protected]
@gcluley

Hasbro malware If you’re in the market for toys and games for your kids, you might want to avoid the Hasbro website.

That’s the warning that’s been issued by security researchers at Barracuda Labs who claim that the toy retailer’s website has been infected with malware *four* times this year already.

In a blog post, Barracuda analyst Paul Royal has shared details of how the Hasbro website has been pushing malware onto visiting computers.

Hasbro website

Sign up to our free newsletter.
Security news, advice, and tips.

Via a sequence of obfuscated JavaScript and redirects, visitors to the Hasbro website have been taken to malicious webpages hosting drive-by code which exploits vulnerabilities in Java to silently infect customers’ computers.

According to Barracuda, the latest infection on Hasbro’s website was seen by them on Monday January 20th, but they also found infections on January 14th, 11th, and 10th.

And, in Barracuda’s opinion, that means its not safe to visit the site until the company has confirmed that it has resolved the issue:

Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is again safe.

Clearly there has been a serious problem with the security of the Hasbro website. One has to hope that they have finally got a handle on the problem, and shut down any security holes that have so far made it too easy for hackers to plant their malicious code.

And, don’t forget, this is yet another reminder that unless you *really* need it, you should probably disable Java in your web browser. If you don’t use Java, you can’t be caught out by a Java exploit.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.