How Cybercriminals utilize malware to steal information by deploying a fake Google Chrome update.
rosysnet, June 19, 2024

A new cybercriminal threat campaign has been discovered that tricks users into downloading and installing malware by masquerading as Google Chrome issues.

According to a blog post by NTT Security Holdings, a Japanese cybersecurity company, cybercriminals were found breaking into trustworthy websites to upload backend programs. These extra scripts show a phony Google Chrome update error page that says you need to install an automatic update in order to continue viewing the website. To continue browsing, users are then prompted to download a file containing a malicious ZIP file.

According to research by Bleeping Computer, a number of websites, including blogs, news sites, online retailers, and adult websites, were found to have been used to propagate the campaign.

Several threat actors, some of whom are well-known for running spam distribution operations by sending massive amounts of emails, were seen using the new campaign, according to a Bleeping Computer investigation.

In the first technique, viewers are shown a notice telling them that a webpage is not displaying correctly. The alert instructs the user to copy a PowerShell script to the Windows Clipboard and run it in a Windows Admin panel in order to install a “root certificate.” This script downloads and installs an info-stealer onto the device, displaying fake messages in the process.

The second technique likewise uses compromised websites. In this one, however, attackers were found to be using Google Chrome error overlays.

In the third technique, hackers send out emails that look like Microsoft Word documents, asking recipients to download what appear to be “Word Online” extensions in order to view the content properly. The error message also offers “How to fix” and “Auto-fix” options. According to the attackers, these commands can be copied to the clipboard and then pasted into PowerShell to fix the problem. But just as before, this downloads malware onto the device, jeopardizing user security.

Although the campaign relies on user ignorance to spread malware, the problem has been made worse by Windows’s inability to identify and stop the unwanted activity. Properly managed antivirus software protects the system from all of the above threats by enforcing proper user admin control, limiting standard users to accounts with no admin privileges.
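
For owners of websites, the first two techniques leave a trace that can be checked for: injected script that places PowerShell text on the visitor's clipboard. The Python check below is an added example, not code from NTT Security Holdings or Bleeping Computer; the patterns, function names and the two sample pages are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# Heuristic patterns: assumptions for this example, not indicators from the reports.
CLIPBOARD_WRITE = re.compile(r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]", re.I)
POWERSHELL_HINT = re.compile(r"powershell|invoke-expression|\biex\b|invoke-webrequest|downloadstring|-enc(odedcommand)?\b", re.I)
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{24,}={0,2})['\"]")

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and on* event-handler attribute values."""
    def __init__(self):
        super().__init__()
        self.in_script, self.chunks = False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
        self.chunks += [v for k, v in attrs if k.startswith("on") and v]
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def decoded_literals(js):
    """Yield text hidden in base64 string literals, tried as UTF-8 and UTF-16LE."""
    for match in B64_LITERAL.finditer(js):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # quoted string was not valid base64 after all
            continue
        for encoding in ("utf-8", "utf-16-le"):
            yield raw.decode(encoding, errors="ignore")

def scan_page(html):
    """Return (suspicious, reasons) for one page of a site you operate."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    js = "\n".join(parser.chunks)
    hidden = "\n".join(decoded_literals(js))
    found = {"clipboard write": CLIPBOARD_WRITE.search(js),
             "PowerShell text": POWERSHELL_HINT.search(js),
             "PowerShell text in base64 literal": POWERSHELL_HINT.search(hidden)}
    reasons = [label for label, hit in found.items() if hit]
    # A clipboard write alone is common (copy-link buttons); flag only the combination.
    return "clipboard write" in reasons and len(reasons) > 1, reasons

# Constructed samples: a benign copy-link button and an overlay-style injected script.
BENIGN = '<button onclick="navigator.clipboard.writeText(location.href)">Copy link</button>'
_payload = base64.b64encode(b"powershell PLACEHOLDER-COMMAND").decode()
INJECTED = f'<div id="overlay">Update required</div><script>var c=atob("{_payload}");navigator.clipboard.writeText(c);</script>'
```

Run `scan_page` over the rendered HTML of each page you publish; a hit is a prompt to review the page's scripts and recent file changes, not proof of compromise.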
