Beware! Fake Google Chrome downloader can steal your data

The Internet is a place filled with immense knowledge, entertainment, news and what not. It has become an integral part of life. Your electronic device without an active internet connection is hard to imagine.

Browser applications such as Google Chrome, Internet Explorer, Safari, Firefox etc are windows to the internet world. You can dive and surf onto the internet using such applications. The whole world is now under your watch through these browser windows.

However there are different kinds of threats also sitting on the other side of these windows. They are ready for you to get distracted so they can make entrance to your world. A little bit of carelessness can cost you your system, your business data or your personal or banking information.

Tech companies are always ready to safeguard us from such threats by making the first move. They will be pushing regular security updates to strengthen the security of their product line so that consumers will have seamless user experience. We as an end users are advised to be in sync with such regular security updates.

But what will happen if this update service is abused by hackers?

Recently, researchers from Proofpoint found a phishing technique combined with dangerous social engineering skills. This technique, commonly known as a fake downloader, is not new, but it is effective.

These fake downloader campaigns appear to be the work of threat actor TA569, also known as SocGholish. TA569 is known for compromising CMS servers and conditionally injecting and redirecting web traffic to social engineering kits.

“In June and July 2020, thousands of messages were sent to organizations in Canada, France, Germany, Spain, Italy, the United Kingdom, and the United States. In one campaign from early July alone, Proofpoint observed nearly 18,000 messages from this actor. These campaigns featured links to websites compromised with SocGholish HTML injects.” – Proofpoint

These messages include links which led to a spoofed browser update page. The page gives users messages like ‘Your are using an older version of Chrome’ and a download button to update the browser. It exploits the intended recipient’s desire to practice good security hygiene. Clicking on the update button downloads a JavaScript or HTA file which executes the next stage malware.

Below are examples of the fake browser update pages:

“The observed malware includes a banking Trojan (Chthonic) and/or remote-control software (NetSupport). Chthonic is a variant of the Zeus banking Trojan and NetSupport is a legitimate remote-access application often abused by threat actors.” – ProofPoint

We have also compiled important tips to safeguard your online presence in below topics:

Pic credit and source : Proofpoint.
By LTR Admin

Leave a Reply

Your email address will not be published. Required fields are marked *