Online protection firm Proofpoint warns that new and sophisticated malware that impersonates Google Chrome and Microsoft has the potential to steal money from Windows device owners. Multiple groups of cyber criminals are using this malware, including some known for sending spam emails that can infect computers with malware or ransomware.
The malware poses as fake updates in internet browsers like Chrome to trick users into downloading harmful code. Once the code is on the computer, the hackers can access cryptocurrencies, sensitive files, and personal information.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
How does the fake update malware work?
Proofpoint identified a larger distribution of the malware earlier this month, but the online protection firm believes the campaign has been ongoing since March 2024. The malware poses as fake Google Chrome, Word, and OneDrive errors to coerce users into downloading harmful code. These errors prompt the visitor to click a button to copy a PowerShell “fix” into the clipboard, then paste and run it in a Run dialog or PowerShell prompt.
“Although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk,” warns ProofPoint.
When the PowerShell script runs, it checks if the device is a valid target. Then, it downloads more payloads. These steps include clearing the DNS cache, removing clipboard content, showing a fake message, and downloading another remote PowerShell script.
BEST ANTIVIRUS FOR PCS, MACS, IPHONES AND ANDROIDS – CYBERGUY PICKS
Cryptocurrency theft
This second script checks if it’s running on a virtual machine before downloading an info-stealer. Once everything is ready, the hacker can access the victim’s cryptocurrency. This scheme redirects the victim’s funds to the hacker instead of the intended recipient.
Alternative attack method: Email lure
Proofpoint notes that bad actors also use another method called “email lure” to install harmful software. Emails, typically those that appear to be work- or corporate-related, contain an HTML file that resembles Microsoft Word. These emails prompt users to install the “Word Online” extension to view the document correctly.
Similar to the method above, users are prompted to open PowerShell and copy over malicious code. Proofpoint says the deceptive “campaign” is widespread. “The campaign included over 100,000 messages and targeted thousands of organizations globally,” according to the firm.
DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP
5 ways to protect yourself from harmful software
The fake Chrome and Microsoft Word malware creates a sense of urgency, making users click on the links and unknowingly compromise their devices. There are several steps you can take to protect yourself from such malware.
1) Have strong antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
2) Use a VPN: Consider using a VPN to protect against being tracked and to identify your potential location on websites that you visit. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location.
My top recommendation is ExpressVPN. It has a quick and easy setup, is available in 105 countries, and will not log your IP address, browsing history, traffic destination or metadata, or DNS queries.
Right now, you can get 3 extra months FREE with a 12-month ExpressVPN plan. That’s just $6.67 per month, a savings of 49%! Try it risk-free for 30 days.
3) Monitor your accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.
4) Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.
5) Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Kurt’s key takeaways
Hackers have cleverly designed malware that prompts you to install it on your devices. This malware specifically targets Windows users, and I’ve noticed that Windows devices seem to be more susceptible to these kinds of attacks. Recently, Microsoft admitted to a Wi-Fi driver flaw in Windows that allows hackers to hijack your PC simply by being on the same Wi-Fi network. It’s crucial to be cautious when browsing online or connecting to public Wi-Fi.
How do you verify the authenticity of software before downloading and installing it on your device? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.