A new campaign involves the use of a fake digital certificate “update” to try and infect systems of visitors to previously compromised websites. Kaspersky researchers observed visitors to various websites being greeted with a warning about the site’s security certificate having expired and being invited to download an updated one instead. The campaign appears to have started around mid-January and impacted visitors to several websites, including one belonging to a zoo and another to an auto parts dealer. The method is a slight twist on an approach that attackers have employed for a long time of hiding malware in fake software and browser updates.”]