Why are malware-laced fake browser updates having a moment in 2023?
The adage “what’s old is new again” is certainly true in the cyber threat landscape, and recent reports indicate that one of the oldest malware tricks in the book, fake browser updates, is making a major comeback.
So, how do legitimate websites get infected? In most cases, threat actors can inject malicious code by finding unpatched vulnerabilities or WordPress misconfigurations, but they can also find their way in through almost any asset hosted on a website, even third-party assets such as media players or templates.
Once installed, the malicious code, working hand in hand with the compromised website and the campaign behind it, turns its attention to the end user. Its job is simple: refer website visitors to the malware by prompting them to update their browsers.
The moment a visitor lands on an infected page, the code starts to run. If the target is a good match, the code will open a new page prompting the end user to update their web browser. In reality, the “update” just downloads malware onto the user’s machine.
While phishing emails and fraudulent websites are increasingly easy to spot, these malicious update pages can be extremely realistic, as shown in the screenshots below.
Krebs on Security reports that these attacks are back on the rise because of a new technique that makes them harder to stop. According to the report, law enforcement and security experts are unable to flag the attacks because threat actors are hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.
These attacks are simple but effective for a number of reasons. First, they originate from a trusted channel. These aren’t random links from an unsolicited email or text; they are pages that flip over from real websites. End users already extend more trust to them than they would to a standard phishing attack.
Second, think about one of the most common pieces of cybersecurity advice we receive (and should be following): update your software. In fact, updating software is so important to cyber hygiene that CISA highlighted it as one of the four steps in this year’s Cybersecurity Awareness Month campaign.
In many instances, software updates are automatic, which could be because your IT department set your laptop to restart on a specified cadence or because you selected an automatic update option when configuring software.
With these circumstances in mind, think about what you would do if you were reading a news article on a website you visit daily and you received a prompt to update your browser… chances are you would follow what you have been trained to do and click update.
Avoiding fake browser updates is a little more complicated, since these attacks are harder to spot than most others in the wild.
One suggestion is simply letting browsers take care of themselves. In fact, most modern web browsers automatically update in the background, so if you get a prompt to update your browser, it’s safer to simply close the window and move on.
Another option is going through the browsers themselves to verify if any updates are needed. Those using Chrome on Windows OS can do so by:
If you are a Microsoft Edge or Firefox browser user, links to trusted instructions to verify/update the browsers are below:
Remember: updating your software is important, but so is verifying the source of the request. If you have any questions about update prompts or versioning, please reach out to your IT department or a security professional.
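For IT and security teams, the same "verify the source" rule can be applied to web-proxy logs. The following is an added example, not part of the original article: it flags downloads whose file name reads like a browser update but whose host is not a browser vendor. The vendor domain list, keyword lists, record fields and `.example` hosts are assumptions and constructed sample data to adapt to your own environment.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains that browser vendors serve installers from.
VENDOR_DOMAINS = {"google.com", "mozilla.org", "mozilla.net", "microsoft.com"}
BROWSER_WORDS = ("chrome", "firefox", "edge", "browser")
UPDATE_WORDS = ("update", "upgrade", "installer", "setup")
RISKY_EXTENSIONS = (".exe", ".msi", ".msix", ".zip", ".js", ".iso")


def is_vendor_host(host):
    """True only if host is a vendor domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def looks_like_browser_update(url):
    """True if the downloaded file name reads like a browser update."""
    name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    return (name.endswith(RISKY_EXTENSIONS)
            and any(w in name for w in BROWSER_WORDS)
            and any(w in name for w in UPDATE_WORDS))


def flag_fake_updates(records):
    """Return records where an update-like file came from a non-vendor host."""
    # .hostname drops userinfo, so "google.com@files.example" is files.example
    return [r for r in records
            if looks_like_browser_update(r["url"])
            and not is_vendor_host(urlsplit(r["url"]).hostname)]


# Constructed sample proxy records (not real traffic). The referer shows which
# site the visitor was on when the "update" page appeared.
SAMPLE = [
    {"user": "alice", "referer": "https://news.example/story",
     "url": "https://cdn.updates.example/ChromeUpdate.exe"},
    {"user": "bob", "referer": "",
     "url": "https://dl.google.com/chrome/install/ChromeSetup.exe"},
    {"user": "carol", "referer": "https://blog.example/post",
     "url": "https://dl.google.com.cdn.example/Firefox-Update.zip"},
    {"user": "dave", "referer": "https://shop.example/",
     "url": "https://google.com@files.example/EdgeUpdate.msi"},
    {"user": "erin", "referer": "https://docs.example/",
     "url": "https://files.example/report.pdf"},
]

if __name__ == "__main__":
    for rec in flag_fake_updates(SAMPLE):
        print(rec["user"], rec["url"], "via", rec["referer"])
```

A file-name heuristic like this only catches lures that name themselves after a browser, so treat a hit as a lead for review of the referring site rather than as a verdict.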
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.