Thursday, April 17, 2025
HomeMalwareBeware!! Fake Browser Update Drops a Ransomware & Banking Malware into Your...

Beware!! Fake Browser Update Drops a Ransomware & Banking Malware into Your Computer

Published on

SIEM as a Service

Follow Us on Google News

Researcher recently discovered a malicious Fake Browser Update campaign that being delivered a ransomware and banking malware into target computer via fake browser update.

Threat actors are spreading this fake browser mostly via compromised websites that are powered by WordPress and also attackers used other hacked CMS websites.

Thousands of hacked sites are used for this campaign along with various stages of infection process by injecting malicious scripts from the legitimate web pages.

- Advertisement - Google News

Fake updates claim that the popup comes from an “Update Center” based on the browser type by saying “a critical error occurred due to the outdated version of the browser, Update your browser as soon as possible.”

Attackers pushing the fake updates based upon the browser that used by victims to access the compromised websites and they have a malicious popup for all widely used browsers including messages for Chrome, Internet Explorer and Edge browsers.

Fake Browser Update

Also the popups urged user to download and install the update in order to avoid “Loss of personal and stored data, confidential information leaks, and browser errors” that you can in above image.

The update link pointed to some of the compromised website where the threat actors loaded a exe and zip files that will eventually drop into the victims computer.

Fake Browser Update Infection Process

Initially, attackers choose the 2 ways either inject links to an external script or inject the whole script code into the hacked web pages.

Researchers from Sucuri described some of the external script links used by this campaign:

  • hxxps://wibeee.com[.]ua/wp-content/themes/wibeee/assets/css/update.js – 225 infected sites.
  • hxxp://kompleks-ohoroni.kiev[.]ua/wp-admin/css/colors/blue/update.js – 54 for the second.
  • hxxp://quoidevert[.]com/templates/shaper_newsplus/js/update.js – 198 infected sites.

Fake browser update overlay window generated by these update.js files which contain an obfuscated script along with the download link of Fake update file.

Once the victims click the update links, hacked site drop the Zip file which is quite very small around 3kb which is not sufficient size to have a windows based malware.

Further analysis done by a researcher Peter Gramantik , reveals that the contain .js file with 100 space characters that trick to hide the file extension.

“In this case, the malicious code uses the Windows Script Host functionality to download external files, execute them, and then delete.”

According to Sucuri, the script tries to download browser.jpg files from compromised third-party sites. You should not be fooled by the benign .jpg extension and the further analysis in virustotal reveal that the JPG file is a ransomware.

Fake Browser Update

Recently discovered fake browser updates file also contains a banking malware which is used the same infection methods.

Also, Sucuri Stats that, To track their campaign, hackers include Histats scripts into all versions of their malware. At this point, they use the following two Histats ids that infected nearly 1500 websites.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Mac Malware Steals Cookies & saved Passwords when Users Visiting Crypto Exchange Service Websites

Pirate Bay Downloaders Beware!! – Hackers Launching Dangerous Malware via Torrent Files

Android Trojan Called “SpyDealer” Spying on More Than 40 Apps Including Facebook, WhatsApp, Skype,Telegram

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Microsoft Vulnerabilities Reach Record High with Over 1,300 Reported in 2024

The 12th Edition of the Microsoft Vulnerabilities Report has revealed a significant surge in...

43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers

A comprehensive study by zLabs, the research team at Zimperium, has found that over...

LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File

The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics...

Managing Burnout in the SOC – What CISOs Can Do

The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File

The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics...

Ghost Ransomware Targets Organizations Across 70+ Countries

A new ransomware variant known as "Ghost" (also referred to as Cring) has emerged...

Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers

Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used...