Malware Disguised as Google Updates Pushed via Hacked News Sites

silversurfer

Thread author
Hacked corporate sites and news blogs running the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans.

After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites.

These landing pages are designed to look like a legitimate Google Chrome update page and are used by the attackers to instruct potential victims to download an update for their browser.

However, instead of a Chrome update, the targets will download malware installers that will infect their devices and will allow the operators behind this campaign to take control of their computers remotely.

Once executed, the malware installer drops a TeamViewer installation and unarchives two password-protected SFX archives containing the files needed to open the fake update page and to allow remote connections, as well as a script used by the malware to bypass the Windows built-in antivirus.

Fake Chrome update page (Doctor Web)
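The injection step described above (JavaScript added to a compromised WordPress site that sends visitors on to the fake update page) is something a site owner can triage from the file system. The script below is an added example, not code from the post, the article or Doctor Web: it scans theme and plugin sources for client-side redirect primitives and escalates a file when the redirect target is off-site or the same file uses a decoding helper such as atob(). The file contents, the host names and the heuristics themselves are constructed assumptions for illustration.

```python
import base64
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Set


class Finding(NamedTuple):
    path: str
    severity: str        # "high": redirect plus off-site target or obfuscation; "review": redirect only
    reasons: List[str]


# Client-side redirect primitives: location assignment, replace()/assign(), <meta refresh>.
REDIRECT_RE = re.compile(
    r"(?:(?:window|document|top|self)\.)?\blocation(?:\.href)?\s*=(?!=)"
    r"|\blocation\.(?:replace|assign)\s*\("
    r"|<meta[^>]+http-equiv=[\"']?refresh",
    re.IGNORECASE,
)
# Decoding helpers that legitimate theme code rarely needs right next to a redirect.
OBFUSCATION_RE = re.compile(
    r"\batob\s*\(|\bunescape\s*\(|String\.fromCharCode\s*\(|\beval\s*\(|(?:\\x[0-9a-fA-F]{2}){4,}"
)
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
# Quoted runs that look like base64; decoded to see whether they hide a URL.
B64_LITERAL_RE = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")

# Constructed sample tree (an assumption for illustration, not files from the real campaign).
_ENCODED_TARGET = base64.b64encode(b"https://chrome-update-example.test/").decode()
SAMPLE_FILES: Dict[str, str] = {
    "wp-content/themes/site/header.php": (
        "<?php wp_head(); ?>\n<script>\n"
        f"var _0x1f = ['{_ENCODED_TARGET}'];\n"
        "window.location.href = atob(_0x1f[0]);\n</script>\n"
    ),
    "wp-content/themes/site/footer.php": (
        "<?php wp_footer(); ?>\n"
        '<script src="https://cdn.example.org/analytics.js"></script>\n'
    ),
    "wp-content/plugins/legit/legit.js": (
        "document.addEventListener('DOMContentLoaded', function () {\n"
        "  document.getElementById('menu').classList.add('ready');\n});\n"
    ),
    "wp-includes/js/wp-emoji.js": "document.location.replace('/?emoji=1');\n",
}


def hosts_in(text: str) -> Set[str]:
    """Hosts referenced by plain URLs plus any hidden inside base64-looking string literals."""
    hosts = {h.lower() for h in HOST_RE.findall(text)}
    for m in B64_LITERAL_RE.finditer(text):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "ignore")
        except ValueError:  # binascii.Error is a ValueError: not base64 after all
            continue
        hosts.update(h.lower() for h in HOST_RE.findall(decoded))
    return hosts


def scan_source(path: str, text: str, site_hosts: Set[str]) -> Optional[Finding]:
    """Flag a file only if it redirects; escalate when the target is off-site or the code is obfuscated."""
    if not REDIRECT_RE.search(text):
        return None
    reasons = ["client-side redirect primitive present"]
    offsite = sorted(h for h in hosts_in(text) if h not in site_hosts)
    if offsite:
        reasons.append("redirect file references off-site host(s): " + ", ".join(offsite))
    if OBFUSCATION_RE.search(text):
        reasons.append("decoding/obfuscation primitive in the same file")
    return Finding(path, "high" if len(reasons) > 1 else "review", reasons)


def scan_tree(files: Dict[str, str], site_hosts: Iterable[str]) -> List[Finding]:
    """Scan a mapping of relative path -> file contents; the site's own hosts are never off-site."""
    allow = {h.lower() for h in site_hosts}
    findings = []
    for path, text in sorted(files.items()):
        finding = scan_source(path, text, allow)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES, ["news-site.example"]):
        print(f"[{f.severity}] {f.path}")
        for reason in f.reasons:
            print("    -", reason)
```

On a real install, build the mapping from the web root (for example every file under wp-content matched by rglob for .php and .js) and pass the site's own host names. A "review" hit is only a redirect and is often legitimate; a "high" hit combines a redirect with an off-site target or a decoding helper and deserves a diff against a fresh copy of the theme or plugin. A clean scan proves little on its own: WordPress also stores editable content in the database, so the injected script can sit in a post, widget or option rather than in a file, and file-integrity comparison plus a database search for script tags belongs in the same triage.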
 

Venustus

Researchers from the Russian 'Doctor Web' virus laboratory have issued a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome.
Updates and upgrades have been in the news a lot this last week, with Microsoft confirming unprecedented changes to Windows 10 updates and WhatsApp users being warned about an upgrade warning that isn't what it seems. As reported by Kate O'Flaherty, March 19, Google has already paused all upcoming Chrome releases as the impact of the COVID-19 pandemic causes adjusted work schedules for developers. Google has also decided to skip the next point release, which was due to be Chrome 82. However, Google has confirmed that it will "continue to prioritize any updates related to security." Now Google Chrome users are being warned to watch out for what the security researchers who uncovered it describe as a "dangerous backdoor" that is disguised as, you guessed it, a Chrome update.
 
