An alarming surge in fraudulent Chrome update websites has raised concerns as they could grant unauthorized access to users' devices through remote access trojans.
Researchers at the cybersecurity company Sucuri noticed an influx in websites infected with fake Google Chrome update malware, nicknamed “FakeUpdateRU.”
The bogus websites trick users into thinking they are downloading a legitimate update for their Chrome browser, while they’re actually installing a remote access trojan (RAT).
Often serving as the initial phase and point of entry for targeted ransomware campaigns, these attacks can result in substantial financial losses for individuals, small businesses, and large corporations alike.
Google has taken action to block the majority of domains used for malware distribution. Users trying to open the bogus sites in their browsers are getting warnings as a precaution before they can access the specific sites in question.
The currently identified malware is similar to the SocGholish infection that affected tens of thousands of websites. SocGholish has been linked to the financially motivated cybercrime group Evil Corp, based in Russia. Typical targets are accommodation and food services, retail trade, and legal services, primarily in the US.
While at first glance, “FakeUpdateRU” resembles SocGholish as it also offers the downloading of Google Chrome updates, it actually seems to be a competing group of threat actors also “trying to cash in on the ransomware gravy train,” according to Sucuri.
More from Cybernews:
Subscribe to our newsletter