All new tricky threat of the fake browser update scam

Long-standing malware scams often prey on unsuspecting internet users, and the old trick of prompting website visitors to update their browsers to view content has resurfaced.

The latest twist? The culprits now hide malicious files on an encrypted cryptocurrency blockchain, making their malicious intent harder to neutralize.

 

New scam called ClearFake causes compromised websites to push visitors a dangerous update

In August 2023, cyber sleuth Randy McEoin shed light on a scam called ClearFake. This mischief targets users via compromised WordPress sites, displaying a message urging them to update their browsers.

It’s eerily precise too. Chrome users, for example, see a Chrome-specific alert. But clicking on the “update” lures users into downloading malicious software designed to steal information. Chrome browser update warning across multiple devices with a tempting blue button in the center.

Credit: Randy McEoin

MORE: YOU ARE A HACKER TARGET WHETHER YOU KNOW IT OR NOT  

 

Shifty cybercriminals evolving to deliver poisonous payloads to you

According to Guardio Labs, a reputable security firm in Tel Aviv, the ClearFake scam has evolved. Initially, the attackers stored their devious files on Cloudflare. However, when Cloudflare clamped down, these perpetrators shifted their operations to the Binance Smart Chain (BSC). This platform supports decentralized apps and automated “smart contracts.”  The worst thing is that these payloads of bed stuff called contracts leave no trace behind.

Nati Tal, Guardio Labs’ security chief, explained that these bad actors exploit BSC’s infrastructure, creating what are called malicious ‘contracts.’ Once activated, these contracts are designed to deliver their harmful payloads.

“The strength of these contracts lies in their innovation and accessibility,” Tal stated. “Given the blockchain’s nature, hosting code becomes virtually untouchable, evading any takedown attempts.”

 

Both scams spread malware and can fool smart people

Guardio believes that the minds behind the BSC malware and ClearFake are the same. Meanwhile, email security experts at Proofpoint have identified multiple groups using fake browser update schemes to spread malware.

Proofpoint further observes that such methods persist because they’re effective. They exploit users’ safety training by posing as trusted sites. Dusty Miller of Proofpoint comments, “Users are conditioned to trust updates from known sources. These scams manipulate that trust, making users believe they’re on a legitimate site, urging a browser update.”

MORE: HOW TO OUTSMART CRIMINAL HACKERS BY LOCKING THEM OUT OF YOUR DIGITAL ACCOUNTS 

What you need to do next to protect yourself

Always stay vigilant online!  By far, the single best thing you can do for yourself and those you love is to make yourself resilient against attacks like these in the first place.   Invest in strong antivirus protection on all of your devices and keep all operation software updated at all times.  The best way to protect yourself is to have antivirus protection installed on all your devices. Strong antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.

Special deal for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

See the best 2023 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Best Antivirus Protection 2023

 

Kurt’s key takeaways

These scams are designed to trick you into downloading malware that can damage your devices and expose your personal information. Don’t fall for any browser update alerts that pop up on suspicious websites. They could be hiding malicious files that can infect your system. Always check for updates on the official browser websites, and protect yourself with strong antivirus protection.

What steps have you taken to protect yourself from malware? Let us know by commenting below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

Answers to the most asked CyberGuy questions:

 

 

 

Copyright 2023 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you

Massive data breach at federal credit union exposes 240,000 members

5 comments

Pan October 19, 2023 - 10:58 am
Good tip
Add Comment