silversurfer

Hacked corporate sites and news blogs running on the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans.

After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites.

These landing pages are designed to look like a legitimate Google Chrome update page and are used by the attackers to instruct potential victims to download an update for their browser.

However, instead of a Chrome update, the targets will download malware installers that will infect their devices and will allow the operators behind this campaign to take control of their computers remotely.

Once executed, the malware installer drops a TeamViewer installation and unarchives two password-protected SFX archives containing the files needed to open the fake update page and to allow remote connections, as well as a script used by the malware to bypass the Windows built-in antivirus.

Fake Chrome update page (Doctor Web)

venustus

Researchers from the Russian 'Doctor Web' virus laboratory have issued a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome.

Updates and upgrades have been in the news a lot this last week, with Microsoft confirming unprecedented changes to Windows 10 updates and WhatsApp users being warned about an upgrade warning that isn't what it seems. As reported by Kate O'Flaherty, March 19, Google has already paused all upcoming Chrome releases as the impact of the COVID-19 pandemic causes adjusted work schedules for developers. Google has also decided to skip the next point release, which was due to be Chrome 82. However, Google has confirmed that it will "continue to prioritize any updates related to security." Now Google Chrome users are being warned to watch out for what the security researchers who uncovered it describe as a "dangerous backdoor" that is disguised as, you guessed it, a Chrome update.