Newsletter 06/20/2024 If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal


More Old Wine In a New Bottle:
Phishing Via Fake Updates for Google Chrome

Most computer users today are well aware of the need to frequently update their software. Criminals who lurk online are also aware of the need to constantly update. Research by security vendor Proofpoint details how cybercrooks use social engineering techniques built around updating common applications to trick users into installing malware when visiting a compromised website. A blog post by Proofpoint, dated June 17, 2024, details these techniques. For those who would like more technical information, please go to the hyperlinked article.

In one current scheme, potential victims are lured into installing malware by a popup that appears when visiting a compromised website, usually a website created with WordPress. As shown to the right, the intended victim is instructed to copy and paste a script into Windows PowerShell. Many consumers are not familiar with the Windows PowerShell application, so the popup offers some guidance on how to call up PowerShell. Google Chrome has no reason to ever prompt a user to run PowerShell. For readers who may not be familiar with Windows PowerShell, it is a command line interface, shown here above.
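For readers who maintain a web filter or browser-extension rules, here is one way to turn that observation into a check on popup text. This is an added example, not code from Proofpoint or from this blog; the phrase lists, verdict names and sample texts are assumptions constructed for illustration.

```javascript
// Added example: triage popup/overlay text for "paste this into PowerShell" lures.
// Phrase lists and verdict names are assumptions for this sketch, not a vendor rule set.
const SHELL = /\b(power\s*shell|command prompt|cmd\.exe|windows terminal)\b/i;
const PASTE = /\b(copy|paste|ctrl\s*\+\s*v|right[- ]click)\b/i;
const PRETEXT = /\b(update|out of date|outdated|fix|error)\b/i;
const BROWSER = /\b(chrome|browser)\b/i;

// Split on sentence punctuation or line breaks so each instruction is checked separately.
function splitSentences(text) {
  return text.split(/(?<=[.!?])\s+|\n+/).map((s) => s.trim()).filter(Boolean);
}

function triageOverlayText(text) {
  const sentences = splitSentences(text);
  const hits = [];
  sentences.forEach((s, i) => {
    // Pair each sentence with the next one: "Open PowerShell. Then paste the code."
    const pair = s + " " + (sentences[i + 1] || "");
    const anchored = SHELL.test(s) || PASTE.test(s);
    if (anchored && SHELL.test(pair) && PASTE.test(pair)) hits.push(s);
  });
  // A browser has no reason to ask for a shell, so the update pretext raises the verdict.
  const pretext = PRETEXT.test(text) && BROWSER.test(text);
  let verdict = "ok";
  if (hits.length > 0) verdict = pretext ? "block" : "review";
  return { verdict, pretext, hits };
}

// Constructed sample texts (not captured from any real site).
const LURE = "Your version of Chrome is out of date. To install the update, click Copy, " +
  "then open Windows PowerShell. Right-click in the window to paste the code and press Enter.";
const DOCS = "To list running services, copy the command below and paste it into PowerShell.";
const GENUINE = "Chrome is up to date. Relaunch to finish updating.";

for (const [name, text] of Object.entries({ LURE, DOCS, GENUINE })) {
  console.log(name, triageOverlayText(text).verdict);
}
```

The "review" verdict exists because legitimate technical documentation also tells readers to paste commands into PowerShell; only the combination with a browser-update pretext is treated as a lure.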

An article published April 25, 2024, by the website HowToWP details the many ways WordPress websites can be hacked. As noted in the article cited above, 43% of websites found on the Internet are created using WordPress, which makes for a greater likelihood that attacks like these will be successful. Truth in advertising: the webpage you are currently viewing was not created using WordPress. This page was entirely created using HTML and CSS, as are all my webpages.

Proofpoint has tracked several variations of this technique that have been circulating on the web for several months now. On October 17, 2023, Proofpoint published how fake Chrome update overlay messages can pop up from compromised websites. This is another effort to trick users into downloading malware. One variation of this technique tells users that the version of Chrome they are using is out of date and that they must update the installed version. As this second graphic to the left shows, the image might look quite convincing to some users.

Needless to say, this is not how Google Chrome is updated.  Moreover, like the fake AV alerts that tell users to contact Microsoft about the malware that has infected their computers, this fake alert is not something Google does. 

Google does often update Chrome. What I recommend to users is to check every day to verify their version of Chrome is up to date. By doing so, users can be confident that they are always up to date.

To update Google Chrome yourself, and be confident that you are always on the newest build, do the following once a day. 

 

Start Chrome.
Click the 3 dot control in the upper right hand corner of the screen.
Scroll down to Help and mouse over Help.
Then mouse over and click About Google Chrome.
When you click About Google Chrome, Chrome will automatically check to see if there is a newer version available. If there is a newer version, Chrome will begin the process of downloading and installing the newest version.
After the update is completed, you will be prompted to relaunch Chrome.
Click Relaunch Chrome.
After the updating process is completed, Chrome will report that it is up to date.
 

I suggest all users of Google make this check for updates a daily ritual.  Chrome does need to be updated quite frequently these days.  Checking for updates often will mean you will never have to guess whether your version is the most current version of Google Chrome.

 

Google Chr—oo—oo—me
I got a nice web browser
Shows me all the shiny colors
So, Mama, don't take my Google Chrome away.
— With Apologies to Paul Simon 

¯\_(ツ)_/¯
Gerald Reiff