EXECUTIVE SUMMARY
A new fake browser update campaign has emerged, targeting hundreds of websites by injecting malicious code that prompts users with deceptive Google Chrome update pop-ups. These pop-ups trick users into downloading malware, posing a significant risk to their devices and personal information. This campaign highlights the growing threat of hackers using legitimate-looking prompts to distribute harmful software.
The infection begins with malicious code injection into compromised websites, displaying a misleading pop-up message urging users to update their Chrome browser. Regardless of the browser in use, the pop-up appears, redirecting users to malicious URLs where malware, such as remote access trojans or infostealers, is downloaded. The attack exploits the legitimate WordPress plugin "Hustle" to display these pop-ups, with the malicious code often hidden in JSON files within the website's directory or the database.
Website owners must adopt proactive security measures to mitigate such threats. Regularly review and remove unused plugins, generate strong passwords, monitor for suspicious activity, and use two-factor authentication. Keeping software up-to-date and employing web application firewalls are essential steps to protect against these deceptive and harmful campaigns. If a site is suspected of infection, immediate professional help should be sought to clean up and restore the site.
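As an added illustration of the monitoring step above (example code, not part of the original report), the following Python script walks every string value in the JSON files a pop-up plugin stores under a WordPress install and flags strings that carry script content. The regular expressions, the `*.json` file layout and the sample configurations are assumptions constructed for this example, not indicators from the campaign.

```python
import json
import re
from pathlib import Path

# Heuristic patterns for script content hidden in JSON strings (constructed for this example, not campaign indicators).
SUSPICIOUS = [
    re.compile(r"<script\b", re.I),
    re.compile(r"\b(?:eval|atob|unescape)\s*\(", re.I),
    re.compile(r"document\.(?:write|createElement)\s*\(", re.I),
    re.compile(r"(?:chrome|browser)[^<>\"']{0,40}update", re.I),
]

def walk_strings(node, path="$"):
    """Yield (json_path, value) for every string inside a parsed JSON value."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")

def scan_json_text(text):
    """Return [(json_path, pattern)] for strings in one JSON document that look injected."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return []  # not JSON at all; out of scope for this check
    hits = []
    for path, value in walk_strings(data):
        for pattern in SUSPICIOUS:
            if pattern.search(value):
                hits.append((path, pattern.pattern))
                break  # one hit per string is enough to flag it
    return hits

def scan_directory(root):
    """Scan every *.json file below root; return {file_path: hits} for flagged files."""
    findings = {}
    for file in Path(root).rglob("*.json"):
        hits = scan_json_text(file.read_text(errors="replace"))
        if hits:
            findings[str(file)] = hits
    return findings

# Constructed samples shaped like a pop-up plugin's stored configuration (not real data).
SAMPLE_INJECTED = json.dumps({"name": "Newsletter", "content": {"main_content": "<p>Subscribe</p><script>eval(atob('...'))</script>"}})
SAMPLE_CLEAN = json.dumps({"name": "Newsletter", "content": {"main_content": "<p>Subscribe</p>"}})
```

Because the report notes the code may also sit in the database, the same `scan_json_text` can be run over option values exported from the site's database, not only over files on disk.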
THREAT PROFILE:
| Tactic | Technique Id | Technique |
| --- | --- | --- |
| Initial Access | T1190 | Exploit Public-Facing Application |
| Execution | T1204 | User Execution |
| Persistence | T1505 | Server Software Component |
| Privilege Escalation | T1078 | Valid Accounts |
| Defense Evasion | T1070 | File Deletion |
| Credential Access | T1552 | Unsecured Credentials |
| Discovery | T1083 | File and Directory Discovery |
| Lateral Movement | T1570 | Lateral Tool Transfer |
| Collection | T1113 | Screen Capture |
| Command and Control | T1071 | Application Layer Protocol |
| Exfiltration | T1041 | Exfiltration Over C2 Channel |