One day you’re merrily browsing the internet, working through some tutorial on a website, when suddenly a Chrome update pops up. You have to update in order to keep viewing the page, and like any obedient internet user you click the update button: everyone knows an out-of-date browser is a security risk. That reflex is exactly what the fake Google Chrome update scam exploits.
- Attackers Exfiltrate Data Using Command Line Tool
- Silent Attack: Gone in a Flash, Data Out of Reach
- Beware of Fake Google Chrome Update Scam: Security Threats
- Lumma Stealer: Beware of Fake Google Chrome Update Scam
- Using 2FA: Beware of Fake Google Chrome Update Scam
- Fake Browser Updates Spread Malware
- Attackers Exploit and Execute Malicious Code
- Stay Safe from Compromised Websites
- Online Security with Safe Browsing Extensions
But if you actually ran this “browser update”, you would have all of your online accounts compromised. Every password saved on your system, the session cookies for every site you were logged into, all of it would be stolen and potentially sold on the dark web. By that point it is too late to beware of anything.
Attackers Exfiltrate Data Using Command Line Tool
We’re going to run this in a virtual machine just to show you what happens. The executable quickly spawns cmd.exe, collects its data, and then the original exe exits. You don’t notice the detections on VirusTotal at this point, but the command line process is still running, sending the data to the attackers.
Silent Attack: Gone in a Flash, Data Out of Reach
Let’s do that again in case you didn’t catch it; it really does happen fast. You might have noticed that the setup is executing and currently has 39 detections. When I first started looking at this the count was much lower. Within a few seconds of launching, the setup process disappears.
If you run it one more time, you can catch some of the other things that happen in those few seconds. Notice that it establishes a TCP connection to a remote IP; this is likely the attacker’s command-and-control infrastructure. It happens so fast that you don’t see it, but that’s your data leaving orbit at escape velocity.
The worst part is that you wouldn’t know anything was wrong. After the payload has executed, nothing suspicious is left running: there are no malicious processes at that point, because the application terminates very quickly. Even if you do notice a command prompt briefly in the background, most users would not take that as a sign of a malware infection.
Then you wake up the next day, you can’t log into your accounts anymore, and that’s when you realize you’ve been hacked.
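The behaviour described above (a dropper in a user-writable folder spawns a shell, exits almost immediately, and the orphaned shell then phones home) is a pattern you can hunt for in endpoint telemetry. The following is an added example, not code from the original article: it runs over constructed Sysmon-style records (event ID 1 process create, ID 3 network connection, ID 5 process terminate). The pids, paths and the 203.0.113.7 address are made up for illustration, and the field names are an assumption modelled on Sysmon.

```python
"""Hunt for 'short-lived dropper -> orphaned shell -> outbound connection'.

Added example, not from the original article. Input is a constructed list of
Sysmon-style events; pids, paths and IPs are invented for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\appdata\\")
# RFC 1918 ranges are treated as local; anything else (plus loopback/link-local
# excluded below) counts as an external destination.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample telemetry (assumption: Sysmon-like fields, not real data).
SAMPLE_EVENTS = [
    {"id": 1, "t": "2024-01-05T10:00:00", "pid": 4100, "ppid": 2200, "image": "C:\\Users\\u\\Downloads\\ChromeSetup.exe"},
    {"id": 1, "t": "2024-01-05T10:00:01", "pid": 4120, "ppid": 4100, "image": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 5, "t": "2024-01-05T10:00:03", "pid": 4100, "image": "C:\\Users\\u\\Downloads\\ChromeSetup.exe"},
    {"id": 3, "t": "2024-01-05T10:00:05", "pid": 4120, "image": "C:\\Windows\\System32\\cmd.exe", "dst": "203.0.113.7", "dport": 443},
    # Benign contrast: an installer whose cmd.exe child only talks to an internal host.
    {"id": 1, "t": "2024-01-05T10:10:00", "pid": 5000, "ppid": 2200, "image": "C:\\Users\\u\\Downloads\\LegitSetup.exe"},
    {"id": 1, "t": "2024-01-05T10:10:01", "pid": 5010, "ppid": 5000, "image": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 5, "t": "2024-01-05T10:10:02", "pid": 5000, "image": "C:\\Users\\u\\Downloads\\LegitSetup.exe"},
    {"id": 3, "t": "2024-01-05T10:10:04", "pid": 5010, "image": "C:\\Windows\\System32\\cmd.exe", "dst": "10.0.0.5", "dport": 445},
]


@dataclass
class Proc:
    pid: int
    image: str
    ppid: Optional[int] = None
    start: Optional[datetime] = None
    end: Optional[datetime] = None
    connections: list = field(default_factory=list)  # (time, dst, dport)


def is_external(ip: str) -> bool:
    """True if the destination is outside loopback, link-local and RFC 1918 space."""
    a = ip_address(ip)
    return not (a.is_loopback or a.is_link_local or any(a in n for n in LOCAL_NETS))


def build_process_table(events):
    """Fold create/terminate/connect events into one record per pid.
    Assumes pids are not reused within the window being analysed."""
    procs = {}
    for e in sorted(events, key=lambda e: e["t"]):  # ISO timestamps sort lexically
        p = procs.setdefault(e["pid"], Proc(pid=e["pid"], image=e["image"]))
        if e["id"] == 1:
            p.ppid, p.start = e["ppid"], datetime.fromisoformat(e["t"])
        elif e["id"] == 5:
            p.end = datetime.fromisoformat(e["t"])
        elif e["id"] == 3:
            p.connections.append((datetime.fromisoformat(e["t"]), e["dst"], e["dport"]))
    return procs


def find_orphaned_shell_beacons(events, parent_exit_window=30):
    """Alert when a shell whose parent lived in a user-writable path makes an
    external connection after that parent exited within parent_exit_window seconds
    of spawning it."""
    procs = build_process_table(events)
    alerts = []
    for child in procs.values():
        if child.image.rsplit("\\", 1)[-1].lower() not in SHELLS or child.ppid not in procs:
            continue
        parent = procs[child.ppid]
        if not any(m in parent.image.lower() for m in USER_WRITABLE):
            continue
        external = [c for c in child.connections if is_external(c[1])]
        if not external:
            continue
        first_conn = min(c[0] for c in external)
        if parent.end is None or parent.end > first_conn:
            continue  # parent still alive when the shell phoned home: a different pattern
        if child.start and (parent.end - child.start).total_seconds() > parent_exit_window:
            continue  # parent hung around; not the hit-and-run dropper behaviour
        alerts.append({"parent_pid": parent.pid, "parent_image": parent.image,
                       "child_pid": child.pid, "dst": external[0][1], "dport": external[0][2]})
    return alerts


if __name__ == "__main__":
    for a in find_orphaned_shell_beacons(SAMPLE_EVENTS):
        print(f"orphaned shell pid {a['child_pid']} from {a['parent_image']} -> {a['dst']}:{a['dport']}")
```

The benign installer in the sample does the same spawn-and-exit dance but its child only reaches an internal address, so it is not flagged; a real rule would also allowlist your own deployment tooling, which is the most common source of false positives for this shape of detection.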
Beware of Fake Google Chrome Update Scam: Security Threats
Now let’s take a slightly deeper look at the file itself. Open its properties and check the Digital Signatures tab: intriguingly, it is signed by Piriform, the company responsible for CCleaner. In fact, the details on the General tab say it is a Recuva installer, which is a legitimate program released by Piriform. That mismatch is itself a red flag: a file presenting itself as a Chrome update should not carry another vendor’s signature.
I have analyzed this file and know that it also installs a root certificate, and Windows Defender complains about something, so let’s see what. Run locally, Windows Defender does detect the file as Lumma Stealer, which is an accurate detection, though as they say, better late than never.
This particular sample is 7.8 MB, which is not particularly hard to analyze on the usual sandbox sites. At the time of writing it has 39 detections on VirusTotal, but these things move fast. If you’re hit on day one, before the vendors catch up, you may not be as lucky.
Lumma Stealer: Beware of Fake Google Chrome Update Scam
Let’s talk a little more about Lumma Stealer. According to Malpedia, this is an information stealer written in C, sold under a malware-as-a-service model. So again, anybody can buy it and run their own info-stealing operation. It’s sold on Russian-speaking forums and has been since August 2022, so it has been around for over a year.
It’s believed to be developed by a threat actor known as Shamel, and it targets cryptocurrency wallets. That’s another thing to really look out for: if you hold cryptocurrency, be very careful how you store your wallets, because people have had their entire fortunes, hundreds of thousands of dollars, stolen by information stealers. And it can also steal two-factor authentication tokens.
Using 2FA: Beware of Fake Google Chrome Update Scam
Do not use your computer as a 2FA device. The whole idea of 2FA is having two independent devices verify you; if the stealer runs on the same machine that holds your authenticator, it gets both factors at once. I don’t think a lot of people realize how quick and simple a data exfiltration event can be. It doesn’t even have to be an exe that gets detected and can be pulled apart; it could be a PowerShell script. There are multiple ways in which this attack can take place.
Fake Browser Updates Spread Malware
- Google Drive
Platforms like these do detect abuse and do remove malicious actors, but hosting payloads on trusted services is how these attacks work these days.
Attackers Exploit and Execute Malicious Code
One malware operation on its own is not the issue. Rather, the attackers flash the payload in and out quickly, hitting the initial wave of visitors; those people lose their data and have their accounts hacked, and then the attackers move on and start a new campaign on a fresh set of hacked websites. The infection process itself is actually very interesting, especially if you’re into blockchain and Binance.
This is not just for Google Chrome. The pop-up shown depends on the browser you’re using: on Microsoft Edge you get a very legitimate-looking Edge update prompt, and on Firefox you get an equally legitimate-looking Firefox one.
Just ask yourself: is the average user, who does not know what different file formats are or what an exe is, going to be able to tell that this is not a legitimate update? It’s not hard to make something that matches the look and feel of the real thing, especially these days when everything looks so similar.
Stay Safe from Compromised Websites
Here is a list of compromised websites; let’s try visiting some of them. When I visited one on my computer, a safe browsing extension blocked it. It became apparent that the domains serving the fake updates are all temporary, and a lot of them have already gone down. The compromised WordPress sites, however, are still up. Take dailyAngelprayersdotnet, for example: nobody visiting for their daily angel prayers expects to get infected, and it looks like a site from which no harm could possibly come. That is exactly what makes it useful to the attackers.
Imagine somebody wondering how angels can help them, then getting an update prompt and taking it for a message from an angel. I’m not sure where I’m going with this, but the point is that these are legitimate websites. Hackers compromise them, the owners clean them up, and the cycle repeats.
This site is probably safe now, but there are surely other sites actively serving these kinds of payloads. So keep an eye out for these threats and educate people. I hope you found this practical article informative and useful.
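For a site owner or responder who has been told their WordPress site is serving fake update prompts, the first question is what script got injected into the page. The following is an added example, not code from the original article or from any site mentioned in it: it parses a fetched page, lists external scripts from hosts outside a baseline, and flags inline scripts that use common obfuscation constructs. The HTML, the cdn.example.net host and the library path are constructed, and the marker list is a heuristic assumption rather than a signature for any particular campaign.

```python
"""Audit a page for injected scripts: unknown external hosts and obfuscated inline code.

Added example, not from the original article. Sample HTML and hosts are constructed;
the obfuscation markers are a heuristic, not a campaign signature.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructs common in injected loaders and rare in a clean theme (assumption).
OBFUSCATION_MARKERS = ("eval(", "atob(", "String.fromCharCode", "unescape(", "document.write(")


class ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script, self._buf = True, []

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))  # script bodies may arrive in chunks
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def audit_scripts(html, site_host, allowed_hosts=()):
    """Return findings for scripts loaded from hosts outside the baseline and for
    inline scripts containing obfuscation markers. Relative and same-host sources
    are treated as the site's own; protocol-relative '//host/...' sources are resolved."""
    parser = ScriptCollector()
    parser.feed(html)
    allowed = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        if host and host not in allowed:
            findings.append({"kind": "unknown_external_script", "src": src})
    for body in parser.inline:
        hits = [m for m in OBFUSCATION_MARKERS if m in body]
        if hits:
            findings.append({"kind": "obfuscated_inline_script", "markers": hits,
                             "snippet": body.strip()[:60]})
    return findings


# Constructed sample page (not a real site): WordPress-style markup with one
# unknown external script and one obfuscated inline loader injected into it.
# The base64 literal decodes to the harmless string "document.title".
SAMPLE_PAGE = """<!doctype html><html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/some-lib/1.0/lib.min.js"></script>
<script src="//cdn.example.net/update.js"></script>
<script>console.log("theme loaded");</script>
<script>eval(atob("ZG9jdW1lbnQudGl0bGU="));</script>
</head><body><p>Daily prayers</p></body></html>"""


if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_PAGE, "dailyangelprayers.net", allowed_hosts=["cdnjs.cloudflare.com"]):
        print(f)
```

The baseline of allowed hosts should come from a known-clean copy of the theme or a previous crawl; anything outside it is worth a look even when it does not trip the inline heuristics, since a loader can just as easily be pulled from a plain external URL as hidden in an eval.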
Online Security with Safe Browsing Extensions
Do you know someone who would fall for a pop-up like this? Safe browsing extensions can help: these are web extensions that protect you from phishing links, scams, and the kinds of things everyday people are falling for these days. Some not only block malware downloads but also monitor for your stolen credentials showing up on the dark web.
For example, say Lumma Stealer stole your credentials and they are being sold on a Russian hacker forum. An extension with breach monitoring could warn you: “Hey, someone leaked your WordPress account credentials. Change your password immediately.” Sometimes that prompt can genuinely prevent a hack, because the people harvesting credentials with malware are often different from the people who later use them to break into accounts.
Seemingly harmless actions like accepting a browser update can lead to severe consequences. Threats lurk in unexpected places and use convincing lures to steal data and compromise online security. Vigilance, education, and a reliable safe browsing extension go a long way toward guarding against them. Stay informed, stay cautious, and beware of the fake Google Chrome update scam.