An old malware scam is reemerging with dangerous new tricks, causing significant problems for anyone who uses a web browser – i.e., nearly all of us. Hackers using the “update your browser” scam found new ways to hide malicious files, making it harder for security experts to locate and remove them. We’ll see more of this scam, so you need to be on the lookout.
What Is The Fake Browser Update Scam?
A website gets hacked by cybercriminals, who make a few changes. Namely, hackers use JavaScript requests to covertly replace the existing website content with a deceptive prompt for a browser update. For example, if you use Chrome, you’ll see a page asking you to update your Chrome browser. Click on the update button, and you’ll download malware on your device. Hackers know that users are told in security training to only click on links on trusted sites. They take advantage of that training by hosting their scam on a legitimate site, luring you into their trick.
But this time, the scam has a new tactic. Instead of hosting harmful files on the compromised site as they’ve done in the past, they’ve developed a way to store files on cloud services or even cryptocurrency blockchain. This makes it a lot harder for cyber security experts to find and remove.
The first scam of this kind, ClearFake, was uncovered in October 2023. Since then, security experts at Proofpoint have identified four threat actor groups using the fake browser scam to attack victims.
We keep hearing it – cybercriminals are using the latest tech to find new ways to exploit users. This is just the latest example.
What Can You Do About It?
First, no browser targeted in this scam – Chrome, Firefox or Edge – will ever have a pop-up or show you a page stating your browser is out-of-date. To check your browser’s status, go directly through your browser’s settings menu. Also, make sure you’re running very effective antivirus protection on all your devices. Antivirus will constantly run on your device, alerting you to suspicious activity.
Additionally, train your team on this new scam. Because it goes against usual training, you’ll need to step in and talk to them about how to look for signs of the fake browser update scam.
We use browsers to do almost everything, so this won’t be the last time you hear about scams like this. Be sure to keep your systems updated (via your settings, NOT pop-ups) and use a strong antivirus program.