
Beware of this fake Chrome update: it installs malware that can take over your computer

A deceptive fake Chrome update remains a persistent menace. This fraudulent software, posing as a legitimate browser update, is still active and continues to pose a significant threat to unsuspecting users.

The fake Chrome update is more than it seems, as it operates as a Remote Access Trojan (RAT) that can gain control of your computer. Often serving as the initial step in a ransomware attack, this malware can lead to substantial financial losses and data breaches.


Cybersecurity experts have discovered a fresh variant of this malware, dubbed “FakeUpdateRU” by Jerome Segura of Malwarebytes. Notably, this is distinct from the previous SocGholish malware, signaling the involvement of a different hacker group capitalizing on the growing demand for ransomware attacks.

Numerous similar groups have emerged recently, prompting a swift response from Google. The tech giant has taken action to block most websites distributing this malware, displaying warning pages if users attempt to access them. The malware manipulates the main index.php file of website themes, closely mimicking the appearance of an authentic Chrome update page.

What sets the fake Chrome update apart is its use of plain HTML code sourced from the UK English version of Google’s website. This suggests that the hackers employed a Chrome (Chromium-based) browser to craft the malware, resulting in the presence of Russian words in the files, even for non-Chrome users.


The malware’s true danger lies in the JavaScript code at the bottom of the fraudulent update page. This code initiates the malware download when users click the “Update” button, using a Chrome-themed domain to acquire the final download URL, typically on another compromised website. The malware is associated with the Zgrat and Redline Stealer malware families, both known for their involvement in ransomware attacks.

Crucially, the fake update pages and the malware files are hosted on different hacked websites. Hackers employ multiple domains with similar names to redirect users to the malware .ZIP file, continually changing and registering them to maintain the scale of their malicious campaign.


To identify infected websites, users can search for a specific Google Tag Manager script, offering insight into the extent of the threat. In response to Google’s swift action in blocking domains that redirect users, hackers have adapted their tactics by linking directly to downloads on other compromised websites. This necessitates the reinfection of numerous sites, rather than altering a single file on their server.

To guard against these malware-laden fake Chrome updates, experts recommend keeping plugins and themes updated, fortifying WordPress websites, and maintaining regular data backups.
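A site owner can check for the theme tampering described above, where a theme's index.php is replaced by a plain HTML copy of a Chrome update page containing Russian words. The following is an added example, not code from the original article or from the researchers it cites; the `wp-content/themes` layout, the function names and the three heuristics are assumptions drawn from the article's description, not published indicators.

```python
import re
import tempfile
from pathlib import Path

# Heuristics assumed from the article's description, not published indicators.
PHP_TAG = re.compile(r"<\?(?:php|=)", re.IGNORECASE)
CYRILLIC_WORD = re.compile(r"[\u0400-\u04FF]{3,}")
UPDATE_LURE = re.compile(r"\bupdate\s+chrome\b|\bchrome\s+update\b", re.IGNORECASE)


def inspect_index(path):
    """Return heuristic findings for a single theme index.php."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    findings = []
    if not PHP_TAG.search(text):
        findings.append("static-html-no-php")
    if CYRILLIC_WORD.search(text):
        findings.append("cyrillic-text")
    if UPDATE_LURE.search(text):
        findings.append("chrome-update-wording")
    return findings


def scan_themes(wp_root):
    """Map theme name -> findings for themes whose index.php looks replaced."""
    suspicious = {}
    for index in sorted((Path(wp_root) / "wp-content" / "themes").glob("*/index.php")):
        findings = inspect_index(index)
        # No PHP at all is the primary signal; require one more to limit false positives.
        if "static-html-no-php" in findings and len(findings) > 1:
            suspicious[index.parent.name] = findings
    return suspicious


def demo():
    """Build a constructed two-theme tree (sample data, not real) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        themes = Path(root) / "wp-content" / "themes"
        clean = "<?php get_header(); ?>\n<main><?php the_content(); ?></main>\n"
        fake = ("<html><body><h1>Update Chrome</h1><!-- Сохранено -->"
                "<button>Update</button><script>/* placeholder */</script></body></html>")
        for name, body in (("clean-theme", clean), ("hit-theme", fake)):
            (themes / name).mkdir(parents=True)
            (themes / name / "index.php").write_text(body, encoding="utf-8")
        return scan_themes(root)


if __name__ == "__main__":
    print(demo())
```

A hit is a prompt to compare the file against a known-good copy of the theme, not proof of compromise.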
