Hackers have reportedly infiltrated Sony’s U.S. PlayStation website in an attempt to gain credit card information from unsuspecting users.
Sophos, a computer security and anti-virus company, claims hackers have inserted code into Sony’s SingStar Pop and God of War pages on the PlayStation site that display false messages telling users their computers have been infected with spyware and viruses, and offering them a link to download “Antispyware” software.
Sophos said the intent is to scare users into buying “bogus” security software, but added, “It would be trivial for the hackers who compromised the webpages to alter the payload so that it became more malicious, and installed code designed to turn Windows PCs into a botnet or to harvest confidential information from users.”
“There are millions of video game lovers around the world, many of whom will visit Sony’s PlayStation website regularly to find out more about the latest console games. Most would never expect that surfing to a website like this could potentially infect them with malware,” said Graham Cluley of Sophos. “If users do not have sufficient protection in place then they might find that before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals. It is essential that all websites, especially when they are high profile like this or receiving a large level of traffic, have been properly hardened to prevent hackers from injecting malicious code on to what should be legitimate webpages.”
Sony has not yet responded to a request by MCV for comments, but the company is likely to have already acted to rectify the problem; my own trip to the PlayStation site yielded no sign of malware popups, although I did get to watch a few seconds of a nice Ashlee Simpson video. For the curious, however, images of the popup can be seen at the Sophos website.