I wasn't sure of the best place to post this.
The website ghacks.net has either been hacked or, what is more likely, is a victim of a malvertising campaign. If you visit any webpage there, a few seconds after the page loads, the content gets replaced with a fake browser update message, to try and trick the site visitor into downloading an updated version which is actually malware. This is shown in the Chromium based browser I use.
When I visit the site in Edge I get the following.
In both cases, when moving the mouse cursor over the download link, it shows a valid URL for download pages for Chrome or Edge. However if you click on the link, it will download a file named ChromeSetup.exe or MlсrоsоftЕdgеSеtup, from Dropbox, which is malicious. There is also a different fake update page for Firefox and maybe some other browsers too.
The malware currently has 35 detections at VirusTotal, with Kaspersky detecting it as Trojan-Downloader.Win64.RustyPita.y.
The website ghacks.net has either been hacked or, what is more likely, is a victim of a malvertising campaign. If you visit any webpage there, a few seconds after the page loads, the content gets replaced with a fake browser update message, to try and trick the site visitor into downloading an updated version which is actually malware. This is shown in the Chromium based browser I use.
When I visit the site in Edge I get the following.
In both cases, when moving the mouse cursor over the download link, it shows a valid URL for download pages for Chrome or Edge. However if you click on the link, it will download a file named ChromeSetup.exe or MlсrоsоftЕdgеSеtup, from Dropbox, which is malicious. There is also a different fake update page for Firefox and maybe some other browsers too.
The malware currently has 35 detections at VirusTotal, with Kaspersky detecting it as Trojan-Downloader.Win64.RustyPita.y.