Skip to main content latest big name hacking victim thanks to Citadel Trojan infection

American television network NBC is working to resolve a problem on its website after security researchers began issuing warnings that and related sites had been hacked and infected with malware that was redirecting visitors to malicious websites.

"We've identified the problem and are working to resolve it. No user information has been compromised," NBC said in a statement.

Malware on and other sites associated with the TV network's entertainment portal was also detected and blocked by Internet browsers like Google's Chrome, NBC News reported. The network's NBC News Digital sites, including and, were unaffected, according to NBC News.

Facebook also blocked for a period of time after reports of the malware infection emerged, according to Reuters.

Security software developer Malwarebytes identified the malware infecting and related properties as the Citadel Trojan.

"This morning, was hacked and embedded with malicious iframe code that spread the Citadel Trojan. It was detected as Backdoor.Agent.RS. ... The NBC web site was compromised for about 15 min and the actual iframe with the malicious redirect was embedded in a javascript file located on the web server," a company spokesperson wrote in an emailed statement.

The Malwarebytes spokesperson said Citadel is a reproduction of the older Zeus Banker Trojan and "has the same capabilities of stealing financial information from users." The parties responsible used the RedKit exploit kit and vulnerabilities in Java and Adobe Reader to spread the Trojan on NBC's websites, she added.

While it appeared late Thursday that NBC was successful in purging the infected code, anyone infected with the Citadel Trojan after visiting an NBC site earlier in the day may also have risked having the ransomware installed on their system, the spokesperson said.

Meanwhile, security researcher Dancho Danchev theorised that the group behind the hack may be the same cybercriminals responsible for faked Facebook emails that direct customers to infected Web pages.

The tactics of the attack and sites infected users were redirected to mirrored the details of the earlier Facebook campaigns, Danchev said on his security blog, adding, "Someone's multi-tasking. That's for sure."