Cybercriminals have introduced a new threat in the form of a fake Chrome update. Since late April 2024, they have been injecting malicious code into websites that prompts users with deceptive popup messages to update their browsers. These popups, written in poor English and displayed to all users regardless of their browser, direct victims to malicious URLs designed to download malware like the notorious SocGholish.
For instance, picture yourself visiting a familiar website only to be confronted by a message warning you of an “Exploit Chrome Detect.” A large blue “Update” button insists on your click. If you comply, you are redirected to one of several malicious URLs, such as hxxps://brow-ser-update[.]top/download/dwnl.php, which then attempts to download harmful software.
Researchers have identified 341 compromised websites displaying these fake update popups. The attackers typically exploit WordPress plugins, using them to inject malicious code. This approach helps them evade detection since the malicious data is often stored within the WordPress database.
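Because the injected content sits in the database rather than in files, a site owner can search a text dump of the database for the indicators quoted above. The following is an added example, not code from Sucuri or the original article; it assumes a mysqldump-style dump, and the table name wp_example_popup and the sample rows are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators as printed in the article (defanged there, refanged only at runtime).
DEFANGED_URLS = ["hxxps://brow-ser-update[.]top/download/dwnl.php"]
POPUP_PHRASES = ["Exploit Chrome Detect"]

INSERT_RE = re.compile(r"^INSERT INTO `?(\w+)`?", re.IGNORECASE)

def refang(ioc):
    return ioc.replace("hxxp", "http").replace("[.]", ".")

def needles():
    # Match on the host, not the full URL: settings stored as JSON escape
    # slashes as "\/", which would hide a literal URL match.
    hosts = [urlsplit(refang(u)).hostname for u in DEFANGED_URLS]
    return hosts + [p.lower() for p in POPUP_PHRASES]

def scan_dump(lines):
    """Return (line_no, table, indicator) for every hit in a mysqldump text dump."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = INSERT_RE.match(line)
        if not m:
            continue  # only data rows are of interest, skip DDL and comments
        row = line.lower()
        hits += [(line_no, m.group(1), n) for n in needles() if n in row]
    return hits

# Constructed sample dump; wp_example_popup is a hypothetical plugin table.
HOST = urlsplit(refang(DEFANGED_URLS[0])).hostname
SAMPLE_DUMP = [
    "-- constructed sample, not real site data",
    "INSERT INTO `wp_options` VALUES (1,'siteurl','https://example.test','yes');",
    "INSERT INTO `wp_example_popup` VALUES (7,'{\"title\":\"Exploit Chrome Detect\"}');",
    "INSERT INTO `wp_example_popup` VALUES (8,'{\"href\":\"https:\\/\\/" + HOST
    + "\\/download\\/dwnl.php\"}');",
    "INSERT INTO `wp_posts` VALUES (3,'Hello world','Welcome to the blog');",
]

if __name__ == "__main__":
    for line_no, table, indicator in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: table {table} contains {indicator!r}")
```

A hit names the table to inspect; the indicator list covers only the URL and popup text quoted in this article.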
Security firm Sucuri, which flagged this threat, recommends several precautions: adopt a “use it or lose it” policy for plugins, generate strong and unique passwords, enable two-factor authentication, restrict access to your WordPress admin, keep software up-to-date, and utilize a web application firewall.
This campaign underscores the need to stay vigilant online and to keep robust security measures in place against increasingly sophisticated cyber threats.