Fake Google Chrome update tricks thousands of users worldwide

Ruth C. | March 31, 2020

One would never think that a Russian-based antivirus software company would come to the rescue of the world’s biggest tech giant, Google. But security analysts found a dangerous loophole in a recent Google Chrome update. Hackers already has a way to take advantage of it. They covered the unsecured backdoor as a new Google Chrome release, maliciously infecting more than 3,000 users around the world.

Phony Google Chrome installer containing nasty malware

Cyber researchers from the Russian-based company “Doctor Web” released a warning after finding a backdoor in the newest Google Chrome version. Many people fell off by downloading dangerous software covered under the name of Google Chrome update. According to Dr. Web researchers, the scam spreads through WordPress-based websites, where hackers achieved illegal access. The report revealed that there are many trustworthy sites among these, including news blogs and official corporate websites. In websites, which use WordPress CMS platform, hackers embedded some pretty dodgy JavaScript code that sends visitors straight to a phishing site.

At first sight, the website appears to be familiar to Google’s official Chrome update page. Unfortunately, it’s far from legitimate - the site contains a malicious file, hidden under “Download Google Chrome Update” button. Once a visitor clicks on the innocent button, it downloads a malware installer that allows the attacker to get remote control access to a victim’s device. With such a file, threat actors can obfuscate the malware from Windows antivirus protection. Infecting a device without leaving any alarming trace. With one folder, containing a keylogger and a known Russian data stealer, Predator the Thief, attackers can deliver further payloads of viruses. Later on, they can install pretty much anything - ransomware, cryptocurrency stealers, or botnet malware.

Hackers reportedly select their targets based on geolocation and browser detection. Windows Google Chrome users from the UK, US, Australia, Turkey, UK, and Israel are known to be affected by the criminal group.

Think you might have fallen a victim? Here’s what to do

As of March 19, Google confirmed that they pause all upcoming Chrome updates as the impact of Coronavirus pandemic causes work schedules adjustments for developers. However, Google assures it will “continue to prioritize any updates related to security.” The upcoming release of Chrome 82 is paused, and meanwhile, you should beware of the dangers and watch out for the scammers that are trying to confuse you. The latest Chrome version is 80.0.3987.149, and there are no newer versions as of yet.

You can check which version you have installed by referring to your Chrome’s three-dot dropdown menu, click on ‘Help,’ and choose the ‘About Google Chrome’ option. If you knew or not, Google Chrome comes with a built-in feature to install the updates automatically. If for some reason, you are not running the latest version, the installation process will kick in automatically upon checking the current browser’s version. Remember: you will never be redirected to a separate web page to download a new release for your browser.

Another critical factor to prevent yourself from falling a victim on the net is using some common sense. Do not click on suspicious, random buttons - always hover your mouse over any links to check where they are about to redirect you. Also, another huge red flag is poor spelling and grammar errors that commonly appear in scamming campaigns. You should get into the habit of looking particularly closely at the text that contains links.

Even if you do have antivirus software, consider adding a Virtual Private Network on top of your security firewall. Indeed, the antivirus software can remove the virus, whereas a VPN can prevent the infection from getting into your device. In the end, the combination of these two will blow any bad actor away. Don’t fall prey, grab Atlas VPN:

Ruth C.

Ruth C.

Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.



© 2023 Atlas VPN. All rights reserved.