Amidst the ever-evolving world of cybersecurity, a persistent threat rears its head in the form of a fake and fraudulent Chrome update . This fraudulent software, which represents a legitimate browser update, remains active and continues to pose a major threat to unsuspecting users.
The fake Chrome update is more than it seems, as it acts as a remote access Trojan (RAT) that can take control of your computer. This malware is often the first step in a ransomware attack, and can lead to significant financial losses and breaches. For data.
According to India Today cybersecurity experts have discovered a new variant of this malware, which Jerome Segura of MalwareBytes has named “FakeUpdateRU”. It is worth noting that this is different from previous SocGholish malware, suggesting the involvement of a different group of hackers who are taking advantage of the increasing demand for ransomware attacks.
Several similar groups have emerged recently, prompting Google to respond quickly. The tech giant has taken action to block most websites distributing this malware , and displays warning pages if users attempt to access them.
The malware manipulates the main index[.]php file of the website's themes, closely mimicking the appearance of the original Chrome update page.
What sets the fake Chrome update apart is its use of plain HTML code sourced from the British English version of Google's website. This suggests that the hackers used the Chrome browser (based on Chromium) to craft the malware, resulting in Russian words in the files, even for non-users. Chrom.
The real danger of the malware lies in the JavaScript code at the bottom of the phishing update page. This code initiates the malware download when users click the Update button, using a Chrome-themed domain to get the final download URL, usually on another compromised website.
The malware is related to the Zgrat and Redline Stealer malware families, which are known to be involved in ransomware attacks.