There are currently several fake ‘update your browser’ campaigns running that aim to trick people into installing various types of malware on their devices.
A new report from Proofpoint describes at least four different campaigns delivering various malicious software to victims. The first thing these groups do is compromise legitimate websites in a number of ways, from brute-force attacks to exploiting vulnerabilities in various modules of the websites.
Once they gain access, they modify the site to display a pop-up impersonating Google, Mozilla, Microsoft or another browser vendor (depending on which browser the user is using at the time of the visit). The pop-up informs users that their browser is out of date and that, if they want to view the site's content, they must download and install an update.
Infostealers and other malware
How people end up on these sites is anyone’s guess. Some must be frequent visitors, but others may get a link via an email or a social media post, or may even end up on the sites through SEO poisoning or malicious ad campaigns.
Either way, if they download and run the "update," they will infect their endpoint with one of these malware families (at least in this latest instance): SocGholish, NetSupport RAT, Lumma, RedLine, or Raccoon v2. These are all capable of extracting sensitive information from the victim, which can later be used for phase-two attacks or identity theft.
The best way to protect yourself from these types of attacks is to use common sense. None of the major browser makers ask their users to update their browsers to view the content, and even if they did want to, they wouldn’t do it through a pop-up window. Most browsers update automatically in the background, without user intervention.