Monday, May 16, 2022

False Browser updates on the rise

If you have manually updated your browser within the last week, think back to how you did it. Did you look for the update on your own, or did you download it after an alert told you that you needed to pick up a “critical update”?

If you saw the alert and live in the UK, then chances are you fell for the most recent malware delivery campaign, which started prior to New Year’s Eve. Chances are you visited some sort of free movie streaming or media site, and a malicious ad redirected you to a different website.

“The website, which is hosted in the Ukraine, uses a dual hybrid Web server setup by Apache and Nginx, with the latter identifying the victim’s browser and performing a redirect,” a Symantec employee explained in a recent post.

On the page you landed on, an alert built from a template matching your browser type was displayed, and you were offered the update for download. If you rejected the update, a JavaScript loop would have pushed you to remain on the website by making it difficult to close your browser until you performed a substantial number of repetitive clicks.



If you downloaded and ran the “updated browser”, you should assume that your computer has been compromised by the information-stealing Shylock Trojan, and you need to use an AV solution to remove it. If you don’t have one readily available, please follow this guide to download, update and scan using Malwarebytes.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
