Keeping your browser up to date, just like any other program, is very important. However, it is key to do it right. There are many scams on the Internet that could compromise your security by posing as legitimate software. In this case, we are talking about fake browser updates that can seriously endanger your security on the Internet. We are going to tell you what you should do to protect yourself and avoid problems.
The attacker’s goal is to make you believe that you are facing a browser update, but in reality they are passing you malware. Specifically, it is the SocGholish malware. It will take advantage of a website that has previously been attacked and display this fraudulent update with the aim of tricking visitors into falling into the trap.
Fake browser update
The process is very simple: you enter a website and suddenly you see a pop-up message telling you that you need to update your browser. This might seem like something legitimate, trustworthy, and the victim clicks on it. The problem is that it is actually malicious JavaScript, which will download a PowerShell script and that’s where the problem begins.
Basically, clicking to install that supposed browser update downloads malware that creates a directory with random file names, drops a ZIP file containing malicious software, and creates a scheduled task that allows it to run. It uses evasion mechanisms to avoid being detected by antivirus software, as well as identifying whether a virtualization system is running.
What can the attacker do if he manages to lure the victim into the bait? As is often the case with this type of malware, he would have the ability to steal information, send files, execute tasks that could result in the download of new malware, etc. He would have control of the system, which is a major problem.
How to protect yourself
Even though we are dealing with a fairly dangerous malware, you don’t have to worry as long as you follow the advice we are going to give you. The first thing is to maintain common sense. Never click, download files or install updates from unofficial sites or sites that you cannot trust 100%. When you have to update your browser, whether it is Google Chrome, Mozilla Firefox or any other, always do it from official sources.
It’s also a good idea to have an antivirus, but make sure it works properly and is going to be a real help. There are many options, both free and paid. Microsoft Defender itself is a good program that you can use to detect and remove threats as quickly as possible.
On the other hand, keeping your devices up to date is also essential. Not only should you update your software, such as your browser, but also your operating system or any drivers you use. This will help you reduce the risk of problems if a hacker were to exploit a known flaw.
In short, be careful if you come across a browser update when visiting a website. It could be a scam and it is always a good idea to install any update from official sources. Detecting that you are being spied on, protecting your privacy on social networks and being careful on public networks is key.
