The threat is growing: fake browser update notifications have been observed in Europe, as far as France, where hackers are exploiting user trust to spread malware.
False update notifications from browsers like Google Chrome, Edge and Firefox are on the rise and represent, as cybersecurity specialist Proofpoint tells us, a threat that is now very widespread in Europe, including in France. Hackers target users by pretending to be ordinary updates, tricking victims with well-practiced social engineering techniques.
Fake updates that affect major browsers and are distributed in several languages
The identified attacks appear on already compromised websites, and when users come across them, they are prompted to click on a download link, which actually hides good old malware. According to Proofpoint, several groups (RogueRaticate, SmartApeSG, ClearFake) have been using SocGholish malware, some for more than five years, and in several languages, including French. But the success of this technique lies in its ability to exploit users’ trust in updates to known and reliable tools.
Obviously, update notifications from browsers such as Chrome, Firefox or Edge seem familiar to you. But they may hide a growing danger. Cybercriminals will indeed take advantage of your desire to secure your work environment to distribute malware.
And, although this technique is not new, it remains effective, thanks to the mixture of social engineering and technicality. Hackers manage to convince their targets of the legitimacy of their messages, which makes them devilishly effective. The goal ? Steal data, take remote control of a computer, or inject ransomware.
Faced with sneak attacks, the response of awareness and training
The problem is that these attacks are more difficult to detect. They compromise trusted sites and use discreet verification techniques, which allow the lures to go unnoticed. Security teams therefore have their work cut out for them to prevent and communicate effectively about this growing risk.
Faced with this threat, defense in depth remains the best strategy. What do we mean here? Organizations must concretely strengthen their network detection systems and protect their access points. Training and awareness remain essential to help users recognize suspicious activity, and especially report it to security teams.
Reliance on browser update notifications can unfortunately backfire for less attentive users. As they seek to secure their devices, they expose themselves to the risks of infection and the spread of malware. Once again, awareness and training are the key words to escape the wrath of hackers.
Download
7.8
- Very good performance
- Simple and pleasant to use
- A well-secured browser
Complete and fluid, Google Chrome has established itself as a free reference for web browsers and is in an excellent position compared to other flagship applications such as Mozilla Firefox and Microsoft Edge (formerly Internet Explorer). To complete its Windows, Mac and Linux version for computers, the Californian firm also offers a mobile version compatible with Android and iOS.
Complete and fluid, Google Chrome has established itself as a free reference for web browsers and is in an excellent position compared to other flagship applications such as Mozilla Firefox and Microsoft Edge (formerly Internet Explorer). To complete its Windows, Mac and Linux version for computers, the Californian firm also offers a mobile version compatible with Android and iOS.
7