Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Threat Actors Spreading Dangerous “Google Chrome Update”

Analysts at Dr. Web, a Russian anti-virus company, have uncovered a campaign that has tricked victims into downloading malware disguised as a Google Chrome update. Using multiple compromised WordPress sites, the threat actor embedded a JavaScript redirection script, sending visitors to a legitimate-looking Google Chrome update page. If the visitor is tricked into installing the malware, a remote connection using TeamViewer is established, giving the attackers full control over the victim’s computer. Dr. Web analysts have seen other malware, including password stealers, installed after the initial infection. Dr. Web claimed that the threat actors behind this attack have compromised many WordPress-powered sites and were previously involved in spreading malware through fake VSDC video editor and fake NordVPN installers. Victims have included people in the United States, Canada, Israel, Australia, Turkey and the United Kingdom.

Analyst Notes

Since Google has temporarily halted all web browser updates due to COVID-19 disruptions to developers’ work schedules, any application or website claiming to have a new version of Chrome is most likely a scam. Binary Defense recommends only installing Chrome updates through the update feature built into Chrome, or from Google’s official page to prevent accidental malware installs.

More IOCs can be found: https://github.com/DoctorWebLtd/malware-iocs/blob/master/FakeChromeUpdate/README.adoc

https://www.forbes.com/sites/daveywinder/2020/03/26/warning-hackers-trick-thousands-into-downloading-dangerous-google-chrome-update/