Cybercriminals use fake Google Chrome, Microsoft Word errors to spread info-stealing malware 

A new threat campaign was found using fake Google Chrome, Microsoft Word errors to trick users into downloading malicious files and installing malware  

Updated - June 18, 2024 06:04 pm IST

Threat actors are using fake Google Chrome, Microsoft Word errors to spread info-stealing malware. | Photo Credit: Reuters

Threat actors keep switching methods to distribute malicious files and trick users into downloading malware. One such campaign was found using fake Google Chrome, Microsoft Word, and OneDrive errors to trick users.

The new campaign was observed being used by multiple threat actors, some of which are known for operating spam distribution campaigns that send large volumes of emails, a report from Bleeping Computer said.

The campaign uses error messages that are sent to unsuspecting users through emails, as well as website overlays. These messages are used to trick users into downloading fake browser updates. These updates are then used to install malware onto a user’s device.

Researchers observed three attack chains that are being utilized to spread malware. These include fake Google Chrome warnings that are displayed when a user visits a compromised website, fake website overlays and fake error reports shared via emails.


In the first case, users are met with a warning saying there is a problem in displaying a webpage. The warning prompts the user to install a “root certificate” by copying a PowerShell script into the Windows Clipboard and running it in a Windows Admin console. This script is used to display decoy messages while it downloads and installs an info-stealer onto the device.

The second method also uses compromised websites. However, in this method, attackers were found using overlays of Google Chrome errors.

In the third method, attackers send an email resembling Microsoft Word document prompts that asks users to download what look like “Word Online” extensions to view documents correctly. The error message also offers “How to fix” and “Auto-fix” options. These contain commands that the attackers say can be copied to the clipboard and pasted into PowerShell to resolve the error. However, as before, this is used to download malware onto the device, compromising user security.
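The first and third chains both depend on a page placing a PowerShell command on the clipboard next to "fix" wording. As an added example (not from the article or the report it cites), a web filter or crawler could flag such pages as sketched here; the pattern lists, verdict names and the base64 handling are assumptions, and the sample pages are constructed.

```javascript
// Added example: heuristic scanner for "copy this fix into PowerShell" lure pages.
// Pattern lists and verdict names are illustrative assumptions, not vendor signatures.

// Browser calls a page can use to put text on the clipboard.
const CLIPBOARD_WRITE = [/navigator\.clipboard\.writeText\s*\(/i,
                         /document\.execCommand\s*\(\s*['"]copy['"]/i];
// Hints that the text is meant to be run in a PowerShell console.
const POWERSHELL_HINT = [/\bpowershell(\.exe)?\b/i, /\b(Invoke-Expression|iex)\b/i];
// Lure wording quoted in the article.
const LURE_TEXT = [/root certificate/i, /how to fix/i, /auto-?fix/i, /word online/i];

// Assumption beyond the article: a page may wrap the command in atob("...").
// Decode such literals so the PowerShell check also sees the hidden text.
function expandBase64(html) {
  const decoded = [...html.matchAll(/atob\s*\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)/g)]
    .map((m) => Buffer.from(m[1], "base64").toString("utf8"));
  return [html, ...decoded].join("\n");
}

const hits = (patterns, text) => patterns.filter((p) => p.test(text)).map(String);

// Returns a verdict plus the evidence behind it, for a proxy or crawler to log.
function scanPage(html) {
  const text = expandBase64(html);
  const clipboard = hits(CLIPBOARD_WRITE, text);
  const powershell = hits(POWERSHELL_HINT, text);
  const lure = hits(LURE_TEXT, text);
  let verdict = "clean";
  if (clipboard.length && powershell.length) verdict = lure.length ? "block" : "review";
  else if (powershell.length && lure.length) verdict = "review";
  return { verdict, clipboard, powershell, lure };
}

// Constructed sample pages (harmless placeholder command, not taken from the campaign).
const encoded = Buffer.from("powershell Write-Output placeholder").toString("base64");
const SAMPLES = {
  lure: `<div>Problem displaying this page. Install the root certificate.</div>
<button onclick='navigator.clipboard.writeText(atob("${encoded}"))'>How to fix</button>`,
  docs: `<p>Run in PowerShell:</p>
<button onclick='navigator.clipboard.writeText("Get-Date")'>Copy</button>`,
  share: `<button onclick='navigator.clipboard.writeText("https://example.com/a")'>Copy link</button>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, scanPage(html).verdict);
}
```

A "review" verdict covers legitimate documentation pages that offer a copy button for a PowerShell command, so it is meant for triage rather than automatic blocking.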

While the campaign depends on the lack of user awareness to deliver malware, the inability of Windows to detect and block malicious actions has further exacerbated the problem.
