There are multiple fake “update your browser” campaigns active right now that are aiming to trick people into installing all kinds of malware on their devices.
A new report from Proofpoint observed at least four different campaigns, delivering different malicious software to the victims. The first thing these groups do is compromise legitimate websites in one of a number of ways, from brute-forcing their way in to leveraging vulnerabilities in different modules of the websites.
Once they gain access, they modify the site to display a popup that impersonates Google, Mozilla, Microsoft, or other companies with their own browser (depending on what the user is running at the time of the visit). The popup informs the user that their browser is outdated, and if they want to view the content of the site, they need to download and install an update.
Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.
Preferred partner (What does this mean?)
Infostealers and other malware
How people end up on these sites is anyone’s guess. Some must be frequent visitors, but others might get a link through an email or a social media message, or could even stumble upon the sites through SEO poisoning or malicious ad campaigns.
In any case, if they download and run the “update”, they will infect their endpoint with one of these malware (at least in this latest instance): SocGholish, NETSupport RAT, Lumma, Redline, or Raccoon v2. All of these are capable of extracting sensitive information from the victim, which can later be used for either stage-two attacks, or identity theft.
The best way to protect against these kinds of attacks is to use common sense. None of the biggest browser makers request their users to update their browsers in order to view the content, and even if they do want them to update - they wouldn’t do it through a pop-up window. Most browsers are automatically updated in the background, without user interaction.
More from TechRadar Pro
- Everything you need to know about Chrome’s latest zero-day emergency and update patch
- Here's a list of the best firewalls today
- These are the best identity theft protection tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.