Saturday, July 13, 2024
EHA

Beware!! Fake Browser Update Drops a Ransomware & Banking Malware into Your Computer

Researcher recently discovered a malicious Fake Browser Update campaign that being delivered a ransomware and banking malware into target computer via fake browser update.

Threat actors are spreading this fake browser mostly via compromised websites that are powered by WordPress and also attackers used other hacked CMS websites.

Thousands of hacked sites are used for this campaign along with various stages of infection process by injecting malicious scripts from the legitimate web pages.

Fake updates claim that the popup comes from an “Update Center” based on the browser type by saying “a critical error occurred due to the outdated version of the browser, Update your browser as soon as possible.”

Attackers pushing the fake updates based upon the browser that used by victims to access the compromised websites and they have a malicious popup for all widely used browsers including messages for Chrome, Internet Explorer and Edge browsers.

Fake Browser Update

Also the popups urged user to download and install the update in order to avoid “Loss of personal and stored data, confidential information leaks, and browser errors” that you can in above image.

The update link pointed to some of the compromised website where the threat actors loaded a exe and zip files that will eventually drop into the victims computer.

Fake Browser Update Infection Process

Initially, attackers choose the 2 ways either inject links to an external script or inject the whole script code into the hacked web pages.

Researchers from Sucuri described some of the external script links used by this campaign:

  • hxxps://wibeee.com[.]ua/wp-content/themes/wibeee/assets/css/update.js – 225 infected sites.
  • hxxp://kompleks-ohoroni.kiev[.]ua/wp-admin/css/colors/blue/update.js – 54 for the second.
  • hxxp://quoidevert[.]com/templates/shaper_newsplus/js/update.js – 198 infected sites.

Fake browser update overlay window generated by these update.js files which contain an obfuscated script along with the download link of Fake update file.

Once the victims click the update links, hacked site drop the Zip file which is quite very small around 3kb which is not sufficient size to have a windows based malware.

Further analysis done by a researcher Peter Gramantik , reveals that the contain .js file with 100 space characters that trick to hide the file extension.

“In this case, the malicious code uses the Windows Script Host functionality to download external files, execute them, and then delete.”

According to Sucuri, the script tries to download browser.jpg files from compromised third-party sites. You should not be fooled by the benign .jpg extension and the further analysis in virustotal reveal that the JPG file is a ransomware.

Fake Browser Update

Recently discovered fake browser updates file also contains a banking malware which is used the same infection methods.

Also, Sucuri Stats that, To track their campaign, hackers include Histats scripts into all versions of their malware. At this point, they use the following two Histats ids that infected nearly 1500 websites.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Mac Malware Steals Cookies & saved Passwords when Users Visiting Crypto Exchange Service Websites

Pirate Bay Downloaders Beware!! – Hackers Launching Dangerous Malware via Torrent Files

Android Trojan Called “SpyDealer” Spying on More Than 40 Apps Including Facebook, WhatsApp, Skype,Telegram

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles