Chrome update spreads Trojan malware

A surge in fraudulent Chrome update websites has raised concerns, as they could give attackers unauthorized access to users' devices through remote access trojans.

Researchers at the cybersecurity company Sucuri noticed an influx of websites infected with fake Google Chrome update malware, nicknamed “FakeUpdateRU.”

The bogus websites trick users into thinking they are downloading a legitimate update for their Chrome browser, while they’re actually installing a remote access trojan (RAT).

Bogus Chrome update site | Source: Sucuri

These attacks often serve as the initial point of entry for targeted ransomware campaigns and can result in substantial financial losses for individuals, small businesses, and large corporations alike.

Google has taken action to block the majority of domains used for malware distribution. Users who try to open the bogus sites in their browsers see a warning before they can access them.

Google warning | Source: Sucuri

The currently identified malware is similar to the SocGholish infection that affected tens of thousands of websites. SocGholish has been linked to the financially motivated cybercrime group Evil Corp, based in Russia. Typical targets are accommodation and food services, retail trade, and legal services, primarily in the US.

At first glance, “FakeUpdateRU” resembles SocGholish, since it also offers Google Chrome updates for download, but it actually seems to be a competing group of threat actors also “trying to cash in on the ransomware gravy train,” according to Sucuri.
