Posted on March 26, 2020 at 6:38 PM
Virus researchers at the Russian firm “Doctor Web” are warning Google Chrome users about a new wave of cyber attacks disguised as a Google Chrome update.
The researchers revealed that the hackers are deceiving users into downloading these updates; in reality, users are tricked into downloading a dangerous backdoor that will infect their systems.
Hackers taking advantage of the current situation
Throughout last week, Microsoft and WhatsApp issued information and details about updates to their systems. While WhatsApp has warned its users about upgrading their platform, Microsoft has issued a series of Windows 10 updates to keep users’ systems safe from widespread exploitation by hackers posing as COVID-19 informants.
Because of the adjusted work schedules for Google developers during the virus outbreak, Google has stopped all its scheduled Chrome releases.
The tech giant has also postponed the next Chrome release, which was supposed to be Chrome 82. But Google has reiterated that it will take any security-related updates very seriously and prioritize its resources in that area for now.
As it stands, some hackers are taking advantage of this situation to deceive Chrome users with a non-existent Chrome update that is in fact a dangerous backdoor. Once the user accepts and clicks the update request, their system is infiltrated by the virus.
Fake Chrome update is the work of experienced hackers
The security outfit Doctor Web posted yesterday that the fake Chrome update request is the handiwork of hackers who have compromised multiple WordPress-powered sites. They are now using the compromised sites to send fake update messages to victims.
According to the security researchers, the sites the hackers are using cover different niches and include official corporate sites and news blogs.
The hackers are using a sophisticated approach that shows they are well experienced, Doctor Web said.
According to the researchers, “The hacker group behind this attack was previously involved in spreading a fake installer of the popular VSDC video editor through its official website and the CNET software platform.”
The page appears genuine to the user; the hackers designed it to make victims believe they are downloading the update from the original update page.
But the Chrome update page is completely fake, and the download is actually a malware installer. Once the user agrees to download the update, their system is compromised by the malware installer.
Malware has been downloaded over 2,000 times
According to Doctor Web researchers, this malware file has already been downloaded more than 2,000 times. Once the installer is executed, password-protected archives and the TeamViewer remote control software are installed.
Other sophisticated malware can follow, including a highly technical Russian-based data stealer and a keylogger. The data stealer, referred to as Predator the Thief, has been active for the past two years. The researchers said the data stealer makes use of anti-analysis and anti-debugging techniques that frustrate analysis and detection by researchers.
Targeted victims are from different regions
According to Doctor Web security researchers, the victims of the hackers’ activities are from the United Kingdom, Turkey, Australia, Israel, Canada, and the United States. The researchers traced the downloaded malware files using digital signatures utilized by the hackers when they were creating a fake NordVPN installer.
Chrome users have been advised on the best ways to stay protected from these hackers. The researchers said Chrome users should make sure Chrome's automatic update feature is activated. Users should not manually click any link or message offering to update Chrome, the researchers advised.