Thursday, March 28, 2024

Beware!! Fake Browser Update Drops a Ransomware & Banking Malware into Your Computer

Researcher recently discovered a malicious Fake Browser Update campaign that being delivered a ransomware and banking malware into target computer via fake browser update.

Threat actors are spreading this fake browser mostly via compromised websites that are powered by WordPress and also attackers used other hacked CMS websites.

Thousands of hacked sites are used for this campaign along with various stages of infection process by injecting malicious scripts from the legitimate web pages.

Fake updates claim that the popup comes from an “Update Center” based on the browser type by saying “a critical error occurred due to the outdated version of the browser, Update your browser as soon as possible.”

Attackers pushing the fake updates based upon the browser that used by victims to access the compromised websites and they have a malicious popup for all widely used browsers including messages for Chrome, Internet Explorer and Edge browsers.

Fake Browser Update

Also the popups urged user to download and install the update in order to avoid “Loss of personal and stored data, confidential information leaks, and browser errors” that you can in above image.

The update link pointed to some of the compromised website where the threat actors loaded a exe and zip files that will eventually drop into the victims computer.

Fake Browser Update Infection Process

Initially, attackers choose the 2 ways either inject links to an external script or inject the whole script code into the hacked web pages.

Researchers from Sucuri described some of the external script links used by this campaign:

  • hxxps://wibeee.com[.]ua/wp-content/themes/wibeee/assets/css/update.js – 225 infected sites.
  • hxxp://kompleks-ohoroni.kiev[.]ua/wp-admin/css/colors/blue/update.js – 54 for the second.
  • hxxp://quoidevert[.]com/templates/shaper_newsplus/js/update.js – 198 infected sites.

Fake browser update overlay window generated by these update.js files which contain an obfuscated script along with the download link of Fake update file.

Once the victims click the update links, hacked site drop the Zip file which is quite very small around 3kb which is not sufficient size to have a windows based malware.

Further analysis done by a researcher Peter Gramantik , reveals that the contain .js file with 100 space characters that trick to hide the file extension.

“In this case, the malicious code uses the Windows Script Host functionality to download external files, execute them, and then delete.”

According to Sucuri, the script tries to download browser.jpg files from compromised third-party sites. You should not be fooled by the benign .jpg extension and the further analysis in virustotal reveal that the JPG file is a ransomware.

Fake Browser Update

Recently discovered fake browser updates file also contains a banking malware which is used the same infection methods.

Also, Sucuri Stats that, To track their campaign, hackers include Histats scripts into all versions of their malware. At this point, they use the following two Histats ids that infected nearly 1500 websites.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Mac Malware Steals Cookies & saved Passwords when Users Visiting Crypto Exchange Service Websites

Pirate Bay Downloaders Beware!! – Hackers Launching Dangerous Malware via Torrent Files

Android Trojan Called “SpyDealer” Spying on More Than 40 Apps Including Facebook, WhatsApp, Skype,Telegram

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles