While Equifax continues to deal with the fallout of the massive data breach it announced in September, a security expert is raising fears that the consumer credit rating agency might have another security problem on its hands.
Independent security analyst Randy Abrams says the site redirected some visitors to download a fraudulent update for Adobe Flash that, when clicked, would infect the user’s computer with Malware. (Fortune was unable to reproduce the steps that caused the ‘update’ to appear on Thursday morning.)
Abrams, who says he encountered the spyware three times on Wednesday, posted a video warning people what to look out for.
When users attempted to contest incorrect information on their credit report, the site redirected them to an unfamiliar URL, which prompted the update.
The Flash “update” was actually a file called MediaDownloaderIron.exe, which was infected with Adware.Eorezo, an adware program that only sounds alarms on three of the leading virus scanners.
Equifax, in a statement, said they were aware of the matter and have taken the page offline.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” said a spokesperson. ” Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
The September breach at Equifax exposed the personal data of nearly half the country. It has spawned class-action lawsuits and Congressional investigations, but many have criticized the company’s response, which included executive stock selloffs and a security check tool that asked for even more personal information.
