Tuesday 24 April 2018, Security guide

“FakeUpdates” campaign – watch out for suspicious internet browsers’ “updates”

Lost24

Security experts from Malwarebytes Labs have observed a malware campaign that delivers fake updates and infects victims' computers with various malware. The campaign distributes malicious JavaScript files via compromised websites.

The websites are compromised through outdated Content Management Systems (CMSs) that are vulnerable to malicious code injection. When a user visits one of the compromised sites, an injected JavaScript file loads a new template over the page claiming that they are using an old version of Adobe Flash, Chrome, or Firefox, and starts the download of a fake update that is delivered as a JavaScript file.

The JavaScript uses obfuscation that prevents it from being detected by security programs. It collects information about the victim's machine and sends it to a server, which in turn sends commands back to the script.

Fake updates should no longer be a problem, since a multitude of security researchers constantly remind users to install updates only from reliable sources. However, fake Google Chrome and Mozilla Firefox updates are still thriving and distributing ransomware, Trojans, keyloggers and other types of malicious content.
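The delivery pattern described above (an "update" for Flash, Chrome or Firefox that arrives as a JavaScript file from a non-vendor site) can be hunted for in web proxy logs. The following is an added example, not code from the original article or from Malwarebytes; the log format, the vendor domain list, the extra script extensions and all sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Products the article says the fake template impersonates.
LURE_PRODUCTS = ("flash", "chrome", "firefox")
# The article names JavaScript; the other script types are an added generalization.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".hta")
# Assumed vendor domains; replace with the update sources your organisation trusts.
VENDOR_DOMAINS = ("google.com", "mozilla.org", "adobe.com")
UPDATE_WORDS = re.compile(r"update|upgrade|install|setup", re.I)

# Constructed sample lines: timestamp, client IP, method, URL.
SAMPLE_LOG = """\
2018-04-24T09:12:01Z 10.0.0.15 GET https://blog.example.net/files/Chrome_Update.js
2018-04-24T09:13:40Z 10.0.0.22 GET https://download.mozilla.org/firefox-setup.exe
2018-04-24T09:15:05Z 10.0.0.31 GET https://shop.example.org/dl/flashplayer_update_29.js
2018-04-24T09:16:10Z 10.0.0.31 GET https://cdn.example.com/static/jquery.min.js
"""

def from_vendor(host):
    """True if host is a vendor domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def classify(url):
    """Return the reasons a download looks like a fake browser update."""
    parts = urlsplit(url)
    name = parts.path.rsplit("/", 1)[-1].lower()
    themed = any(p in name for p in LURE_PRODUCTS) and UPDATE_WORDS.search(name)
    if not themed:
        return []
    reasons = []
    if name.endswith(SCRIPT_EXTS):
        # Genuine browser and Flash updates are not shipped as script files.
        reasons.append("update-themed script file")
    if not from_vendor(parts.hostname or ""):
        reasons.append("update-themed download from non-vendor host")
    return reasons

def triage(log_text):
    """Return (client, url, reasons) for every suspicious download in the log."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and (reasons := classify(fields[3])):
            hits.append((fields[1], fields[3], reasons))
    return hits

if __name__ == "__main__":
    for client, url, reasons in triage(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```
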