Fake Browser Updates Source Of Ransomware And Banking Malware

July 19, 2019

An all-out alarm reported by Surcuri finds bogus alerts circulating about the need to download the latest browser update. Although it’s always recommended to keep software up to date, this report finds hackers are exploiting that call to action in a big way. Using fake updates isn’t exactly a new hacking exploit, but hackers are getting better at it over time and this latest attack is a solid example of that.

Surcuri finds this fake update tactic has been active for a few years. Looking back to 2017, a malvertising campaign discovered by Proofpoint used fake browser updates to install fraudulent advertising malware called Kovter. And in November of 2018, Malwarebytes Labs found the FakeUpdates malware campaign. With alarm bells now ringing, Surcuri’s discovery sounds off about this latest installment of fake update alerts.

Hackers are known to exploit anything they can for success, and in this case, they use the well-known advice to users to update software as soon as possible. In this latest discovery by Surcuri, hackers use email links or script code to compromise a webpage. Either way it’s done, the code results in a message box popping up that tells users a critical error happened due to using an outdated web browser.

Users are then instructed to update the browser, even displaying a visual in the background to simulate their chaotic and vulnerable browser. Clicking the “Update” box the hackers provide, a ZIP archive is released, again displaying messages that appears to be loading a legitimate browser update file. The iOS “update” downloads a Windows EXE file full of ransomware. For Android users, banking malware is downloaded. Users are totally unaware of what exactly is going on, believing they did the right thing by updating their browser and avoiding further “critical errors.”

Unfortunately, with fake updates improving every day, users need to be highly aware of the problem and take steps to avoid being the next victim. Basic checks on the viability of an update are necessary and not difficult to do. Perhaps the most effective way is to first go directly to the source of the update. In this case, typing the Microsoft website name into the browser address line to verify if there truly is an update available. Then always download it directly from the real website whenever possible. This applies to all updates, not just for this one or Microsoft. Hackers notoriously use Adobe updates to spread malware. Going directly to its site is also advised.

Never use web addresses or phone numbers provided in an update message, as they are put there by hackers who want you to do that browser update. Always double check a URL to make sure it’s exactly where you expect to go. Hackers are very good at shifty spelling tricks designed to look like the correct URL. Even the smallest spelling change of one character is enough to send users down the wrong rabbit hole. Always keep system updates current, as added security features may help identify a fake and very harmful browser update.

Stickley on Security
Published July 19, 2019