Hackers hijack the Windows launch of the Arc browser with a malvertising campaign
Hackers are taking advantage of the Windows launch of the Arc browser to trick victims into downloading malware.
Arc is a relatively new internet browser, first launched for macOS in the summer of 2023 – and initial feedback from both media and users was positive enough to lead to the release of a Windows version as well.
However, at the same time, unidentified hackers created websites with typed domains, which were apparently identical to the browser’s actual website. They also created ads on Google which, due to certain issues with the network, showed the legitimate website but redirected people to the typed website.
Spotting bad ads
This meant that customers who wanted to install Arc on their Windows device and used Google to search for it would find an ad at the very top of the Google search results page.
The ad seemingly pointed to the site’s actual website, but redirected victims to a malicious site that offered an infected version of the browser installer hosted on MEGA for download.
Anyone who downloads this installer will see the browser, as well as malware that, according to initial reports, appears to be an infostealer, although confirmation on the nature of the malware has yet to be confirmed.
Hackers always take advantage of major events and product launches to trick people into giving away sensitive data or downloading malware. Events such as the FIFA World Cup, the Olympics, the launch of Chat-GPT, the launch of Windows 11, and others, have all been exploited in the past to deliver bad code to people.
The best way to protect yourself against these attacks is to always type the website address into the browser, rather than ‘just Googling’ it. If you are not familiar with the site, consider the search engine results and always check the characters in the address bar before downloading anything.
Through BleepingComputer