Cybersecurity researchers have issued a warning about a malware campaign that spreads malicious files through fake updates for Google Chrome.
The malware was first distributed in December 2017 but has only now come to light. It was discovered by Malwarebytes security researchers, who dubbed the campaign ‘FakeUpdates’.
According to security experts, the malware only targets Windows users, while Mac users are safe (for now).
The campaign also spreads bogus patches for other software, such as Mozilla Firefox, Internet Explorer and Adobe Flash Player.
Malwarebytes researcher Jerome Segura explained in a blog post how websites' Content Management Systems had been hacked to spread the malicious files.
Users were told their software needed an update, and clicking the update button prompted them to download a JavaScript file hosted on Dropbox.
Segura said: “This JavaScript is heavily obfuscated to make static analysis very difficult and also to hide some crucial fingerprinting that is designed to evade virtual machines and sandboxes.”
Malware can be used for a wide range of purposes, including collecting personal or financial data, displaying unwanted ads or gaining access to entire networks.
Segura said: “This campaign relies on a delivery mechanism that leverages social engineering and abuses a legitimate file hosting service.
“The ‘bait’ file consists of a script rather than a malicious executable, giving the attackers the flexibility to develop interesting obfuscation and fingerprinting techniques.
“Compromised websites were abused to not only redirect users but also to host the fake updates scheme, making their owners unwitting participants in a malware campaign.
“This is why it is so important to keep Content Management Systems up to date, as well as use good security hygiene when it comes to authentication.”