The Latest in IT Security

The official website of GoPro is compromised to serve malicious code


The Websense® ThreatSeeker® Network has detected that the official website of GoPro (at, the popular brand for "wearable" cameras, has been compromised and injected with malicious code.  We have contacted GoPro and let them know about the compromise but to date, we have not heard back from them.

Websense customers are protected from this threat with ACE our Advanced Classification Engine.

The injected code is resident in multiple locations on the main page. This injection is part of mass injection that is known to us and that is doing its rounds over the web at the moment (see image 2 marked in red). Our ThreatSeeker network also spotted that hosts of localized versions of are injected with malicious code as well; for example the local website of GoPro France at Other local versions include:

Image 1: The official Website of – the main page

Image 2: The injected code marked with red on the official website of GoPro (at

Once a user visits the injected code (marked in red) gets translated to an Iframe that leads the user automatically and without any interaction to a malicious redirector at (see image 3 for full URL). The malicious redirector at further redirects the user to an exploit Website loaded with the Blackhole exploit kit located at On the exploit website several exploits are sent to the user's browser and on successful exploitation the user's machine is infected with malware, at the time of the post that malware has ~9% antivirus detection rate, according to 

Image 3: The injected code translates to an Iframe that takes without user interaction the visitor to an exploit Website

Image 4: The exploit Website is loaded with the infamous Blackhole Exploit Kit

We shall update the blog with additional information as it comes to light.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments