Security researchers warned about a new fake Chrome browser update campaign that used a new malware, dubbed FakeUpdateRU, to trick users into downloading a remote access trojan.
The campaign came to light only after the malware had already affected numerous websites; Google later addressed it.
Infection process
According to Sucuri researchers, the malware affects both WordPress sites and other CMS platforms.
In the campaign, the malware overwrites the main index.php file to replace the website content with a malicious overlay.
In some cases, the malware was injected into index.html files under the wp-content directory.
Some of the infected websites contained JavaScript code that communicated with a Telegram channel.
Attackers used Telegram to receive notifications when victims downloaded the payloads.
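A site owner can check for the changes described above. The following is an added example, not code from Sucuri or from the article: it inspects the main index.php and every index.html under wp-content. The Telegram host names, the lure wording pattern and the WordPress-only "stock index.php" check are assumptions, and the sample tree is constructed.

```python
import re, tempfile
from pathlib import Path

# Assumption: the injected script reaches Telegram through its public hosts.
TELEGRAM_RE = re.compile(rb"api\.telegram\.org|\bt\.me/", re.I)
# Assumption: the overlay's wording mentions a Chrome or browser update.
LURE_RE = re.compile(rb"(chrome|browser)[^<>\n]{0,40}update|update[^<>\n]{0,40}(chrome|browser)", re.I)

def candidate_files(root):
    """Files named in the article: main index.php, index.html under wp-content."""
    if (root / "index.php").is_file():
        yield root / "index.php"
    if (root / "wp-content").is_dir():
        yield from sorted((root / "wp-content").rglob("index.html"))

def scan(webroot):
    """Return [(relative_path, [reasons])] for candidate files that look altered."""
    root, findings = Path(webroot), []
    for path in candidate_files(root):
        data = path.read_bytes()
        reasons = []
        if TELEGRAM_RE.search(data):
            reasons.append("telegram-reference")
        if LURE_RE.search(data):
            reasons.append("browser-update-lure")
        # A stock WordPress index.php loads wp-blog-header.php; an overwritten one will not.
        if path == root / "index.php" and b"wp-blog-header.php" not in data:
            reasons.append("index.php-not-stock")
        if reasons:
            findings.append((path.relative_to(root).as_posix(), reasons))
    return findings

def build_sample(webroot):
    """Constructed sample tree (not real campaign content) for an offline run."""
    root = Path(webroot)
    (root / "wp-content/uploads").mkdir(parents=True)
    (root / "wp-content/themes/clean").mkdir(parents=True)
    (root / "index.php").write_bytes(
        b'<div id="overlay">Update Chrome to continue</div>'
        b'<script src="https://api.telegram.org/PLACEHOLDER"></script>')
    (root / "wp-content/uploads/index.html").write_bytes(
        b"<h1>Your Chrome browser needs an update</h1>")
    (root / "wp-content/themes/clean/index.html").write_bytes(b"<html></html>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reasons in scan(tmp):
            print(rel, ",".join(reasons))
```

A hit is a prompt to compare the file against a known-good backup, not proof of infection; on a non-WordPress CMS the index.php-not-stock reason does not apply.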
A similar incident noticed in the past
Recently, Sekoia researchers observed a similar campaign that leveraged a new malware called ClearFake. Its tactics and techniques resembled those of the SocGholish and FakeSG campaigns, which primarily relied on social engineering to trick users into installing bogus web browser updates.
The bottom line
The emergence of a new fake Google Chrome update malware is a reminder that browsers should be upgraded only through standard procedures. Site owners are advised to regularly monitor the plugins and themes used on their sites. Keeping regular backups of websites and implementing firewalls are crucial to preventing attacks from malware like FakeUpdateRU.