Attackers are using cybersecurity best practices against users, prompting them to download malicious browser updates.

Security researchers are observing a growing trend in which attackers disguise their malware as fake browser updates. The attackers start by compromising a legitimate but vulnerable website, using an existing vulnerability or a misconfiguration on the website to inject malicious JavaScript code. When visitors load the compromised site, the malicious JavaScript code is executed. The code gathers information about the visitor’s browser version and location and uses it to display a fake browser update page. The page is tailored to the visitor’s browser and informs the user that their browser is outdated and requires updating to view the website’s contents. It also includes an update browser link; clicking that link downloads malicious software onto the user’s computer. The security researchers have observed 4 different threat clusters using unique campaigns to deliver their fake browser update lures. Security awareness is the key to protecting against this type of scam, along with having endpoint protection as part of a defense-in-depth strategy.

This segment was created for the It’s 5:05 podcast