Be careful: France is seeing a rise in hacking attempts that use fake update notifications for your web browser. It is a way of exploiting your trust to spread malware.
All techniques are good for abusing the trust of Internet users. And the trust we place in major browsers such as Google Chrome, Microsoft Edge or Mozilla Firefox is a real boon for cybercriminals, who use proven social engineering techniques to deceive us. As the cybersecurity specialist Proofpoint discovered, routine browser updates can prove to be a real danger in Europe, including in France. Hackers rely on our desire to keep our browsing secure to distribute malware through fake updates. All the subtlety and success of this technique rest on its ability to exploit users' trust in updates to known and reliable tools. The goal: to steal personal and banking data, control the device remotely or even deploy ransomware. So you should never let your guard down!
Fake updates: Google Chrome, Firefox and Edge in the sights of hackers
According to cybersecurity researchers, the TA569 group uses this method to distribute the SocGholish malware, but several other groups (RogueRaticate, SmartApeSG and ClearFake) use it as well. While each runs its own campaigns to spread its traps in the form of fraudulent notifications, they share common characteristics and follow the same pattern, which has three distinct stages. To achieve their goals, the hackers start by compromising a legitimate website and injecting JavaScript that discreetly performs background checks on the visitor, then replaces the site's content with a browser update decoy. The user, who thinks he is still on the original website, therefore receives an alert that appears to come directly from the browser he is using, asking him to update it. It is a familiar-looking notification prompting him to click a download link, which actually delivers good old malware. These attacks most often appear in English, but also in French, Spanish, German and Portuguese.
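The three-stage pattern described above (compromised site, background checks on the visitor, page replaced by an update decoy) can be looked for in page source by a defender. The following heuristic scanner is an added example, not code from the article or from Proofpoint; the sample pages it inspects are constructed, and the regexes are assumptions about what such injected scripts tend to contain.

```python
"""Heuristic scan for injected 'fake browser update' lures in HTML.

Added example (not from the article or Proofpoint). It flags inline scripts
that both fingerprint the visitor (background-check stage) and rewrite the
page with a browser-update prompt pointing at a download (decoy stage).
"""
import re

# Background-check stage: the script inspects who is visiting.
FINGERPRINT_RE = re.compile(
    r"navigator\.userAgent|document\.referrer|document\.cookie|navigator\.platform")
# Decoy stage: the legitimate page body is overwritten.
REWRITE_RE = re.compile(r"document\.(body|documentElement)\.innerHTML\s*=|document\.write\(")
# Update lure wording, in English or French, near a browser name.
LURE_TEXT_RE = re.compile(
    r"(update|mettre\s+à\s+jour).{0,80}(chrome|firefox|edge|browser|navigateur)", re.I | re.S)
# The "update" is offered as a downloadable file rather than via browser settings.
DOWNLOAD_RE = re.compile(r"\.(js|zip|exe|msi)\b", re.I)

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)


def find_lures(html):
    """Return one finding per inline script matching at least 3 of the 4 signs."""
    findings = []
    for m in SCRIPT_RE.finditer(html):
        body = m.group(1)
        checks = {
            "fingerprints_visitor": bool(FINGERPRINT_RE.search(body)),
            "rewrites_page": bool(REWRITE_RE.search(body)),
            "update_lure_text": bool(LURE_TEXT_RE.search(body)),
            "drops_download": bool(DOWNLOAD_RE.search(body)),
        }
        score = sum(checks.values())
        if score >= 3:
            findings.append({"offset": m.start(), "score": score, **checks})
    return findings


# Constructed samples (not real injected code): a clean page, and one carrying
# a script that checks the visitor's browser and cookie, then swaps the site
# for a "Update Chrome" prompt with a download link.
CLEAN_PAGE = """<html><body><h1>Recettes</h1>
<script>document.getElementById('x');</script></body></html>"""

LURE_PAGE = """<html><body><h1>Recettes</h1>
<script>
if (navigator.userAgent.indexOf('Chrome') > -1 && !document.cookie.match('seen')) {
  document.body.innerHTML = '<h2>Update Chrome</h2><a href="/update.zip">Install</a>';
}
</script></body></html>"""

if __name__ == "__main__":
    print(find_lures(CLEAN_PAGE))  # []
    print(find_lures(LURE_PAGE))   # one finding with score 4
```

A real deployment would run this over a site's served pages on a schedule and diff against the last known-good copy, since the lure is only shown to visitors who pass the checks.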
This technique is particularly effective because "Threat actors exploit users' desire to do the right thing. By wanting to secure their work environment and protect their information, they ultimately do the opposite and expose themselves to the risks of infection and the spread of malware", explain the researchers at Proofpoint. In this way, hackers turn against users the lessons of cybersecurity training, which encourages them to only accept updates from known and trusted sites. By compromising those very trusted sites and using discreet verification techniques, the lures go unnoticed.
For Proofpoint, there are not many ways to protect against these attacks. Agencies must implement network-based detection and protect their endpoints. Better prevention should also enable users to identify this type of suspicious activity and report it to security teams. It is also better to always remain vigilant on the Internet. Keep in mind that web browsers never ask you to update through this type of message on a web page, so you should never install an update from an unofficial web page. If in doubt, it is better to do it manually, from the browser settings. For example, on Google Chrome, simply click on the three small vertical dots at the top right, then go to "Settings" and click on "About Chrome". You can then check whether an update is actually available.