Hackers have found a new way to trick people into downloading and installing malware: convince them that their Google Chrome browser is outdated and needs a manual update.
Remotely compromising a device or software requires a lot of technical knowledge. But what if hackers could persuade people to compromise their own devices? That takes a lot less work and not nearly as much technical expertise.
According to a TechRadar report, security researcher Rintaro Koike discovered a malicious campaign in which attackers devised a way to compromise legitimate websites, primarily in Japan, South Korea and Spain, and display fake Chrome update notifications.
Most of the time, when attackers send a message, they convey a sense of urgency in their effort to presuade people to interact with the link or attachment. It’s a tried and true method, but criminals in this case chose a different path.
“An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update,” reads the displayed fake message. The lack of urgency might be even more persuasive for some users.
Of course, the file the victim downloads has nothing to do with a Chrome update. It’s actually a Monero cryptominer that will use the CPU to extract crypto, unbeknownst to the user.
The security researcher also discovered that the code is compatible with more than 100 languages, so it’s likely part of a bigger campaign ready to deploy worldwide. In this case, the best protection is knowledge. Users need to know that Google Chrome has its own update mechanisms, and they never need to download a manual update.
tags
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
View all postsDecember 19, 2024
November 14, 2024