Fixing your oven can cook your computer

Appliance vendor Hotpoint's UK service site is serving malware when you seek repairs

Updated: If your Hotpoint cooker or washer's on the blink, don't arrange a repair by visiting the manufacturer's website: the appliance vendor has been inadvertently foisting nastyware onto visitors.

As spotted by Netcraft, fake Java update dialogs started appearing on Hotpoint's UK and Republic of Ireland sites this week. If you click “Install” you won't be updating Java, you'll be firing up obfuscated JavaScript that Hotpoint did not place on its site. That script tries to hide the fact it refers to a third-party site that can send a custom payload of malware your way.

That payload won't do nice things to your endpoint and may expose you to attacks like drive-by malware or phishing.

Netcraft says the source of the problem is almost certainly Hotpoint's WordPress installation, and notes that the content management system “is notorious for being compromised if both it and its plugins are not kept up to date.”

The website in question – hotpointservice.co.uk – is a fine target for crims because it's suggested as the place to register new products. Netcraft worries that the attack's done rather well because it landed just before the Easter long weekend, meaning four sysadmin-free days of operation before IT staff came back to work and had the chance to fight back.

Hotpoint's website and social feeds are silent on the matter. The Register has asked Hotpoint if the attack was detected and defended and whether any customers or their data were compromised. When we hear back from the biz, we'll update this story. ®

Updated to add

A spokesperson for Hotpoint has been in touch to confirm the bad news:

“We can confirm the Hotpoint service website was temporarily compromised after being hacked. We moved quickly to resolve this issue and we can confirm this is now secure and safe for customers to use. We do not believe that any consumer data was impacted, consumer appliance registrations were redirected to a third site, which was not impacted by this event. Our team have subsequently taken a number of steps to further protect our websites to ensure there are additional security measures in place.”
