Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as
BitRAT and
Lumma Stealer (aka LummaC2).
"Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware," cybersecurity firm eSentire
said in a new report.
The attack chain commences when prospective targets visits a booby-trapped website that contains JavaScript code designed to redirect users to a bogus browser update page ("chatgpt-app[.]cloud").
The redirected web page comes embedded with a download link to a ZIP archive file ("Update.zip") that's hosted on Discord and downloaded automatically to the victim's device.
