An analysis from NTT Security has revealed that many websites that were hacked are trying to get users to install fake updates for Google Chrome. Downloading these updates could be highly dangerous because of the fact that this is the sort of thing that could potentially end up infecting your device with malware. The analyst behind this discovery has also stated that the malware campaign has extended to Japanese and several other languages besides English.
Users that visit these sites will see a page that claims that a Chrome update failed to download. This will appear as an error notification that is quite similar to what Chrome generally tends to show. With all of that having been said and now out of the way it is important to note that clicking on any link will led to the dissemination of the aforementioned malware.
Blocklisting these sites might not be all that effective, since they use the Pinata IPFS service to circumvent all blocks with all things having been considered and taken into account. In spite of the fact that this is the case, users can still identify compromised sites due to the slight differences in the error page
Even if a user does not click on anything, an download will be automatically requested. The contents are placed in a ZIP file labelled release.zip, which include a mining software for the crypto token known as Monero.
Once the device has been infected, CPU performance will plummet due to the vast resources that crypto mining tends to use. The miner is also rather sophisticated, since it is able to add itself to the Windows Defender exemption list. Furthermore, it is capable of altering the registry which can further obscure it and make it impossible to locate on a system.
All in all, this malware campaign is wreaking havoc with countless users. Consumers must be educated about the dangers of downloading files from websites without first having a full understanding of the source of the files. Third party sites rarely offer legitimate downloads, and steering clear of them can help users to protect themselves from malware campaigns such as these.
Read next: This Report Highlights the State of Sensitive Data
Users that visit these sites will see a page that claims that a Chrome update failed to download. This will appear as an error notification that is quite similar to what Chrome generally tends to show. With all of that having been said and now out of the way it is important to note that clicking on any link will led to the dissemination of the aforementioned malware.
Blocklisting these sites might not be all that effective, since they use the Pinata IPFS service to circumvent all blocks with all things having been considered and taken into account. In spite of the fact that this is the case, users can still identify compromised sites due to the slight differences in the error page
Even if a user does not click on anything, an download will be automatically requested. The contents are placed in a ZIP file labelled release.zip, which include a mining software for the crypto token known as Monero.
Once the device has been infected, CPU performance will plummet due to the vast resources that crypto mining tends to use. The miner is also rather sophisticated, since it is able to add itself to the Windows Defender exemption list. Furthermore, it is capable of altering the registry which can further obscure it and make it impossible to locate on a system.
All in all, this malware campaign is wreaking havoc with countless users. Consumers must be educated about the dangers of downloading files from websites without first having a full understanding of the source of the files. Third party sites rarely offer legitimate downloads, and steering clear of them can help users to protect themselves from malware campaigns such as these.
Read next: This Report Highlights the State of Sensitive Data