Article after article and expert after expert have reinforced the security message that you should update your web browser as soon as a security patch becomes available. That message has not changed, but there is one nuance to note: how the browser update is applied. The warning not to update your browser comes after the discovery of a new threat campaign that installs a Windows backdoor disguised as updates to popular web browsers, including Google Chrome, Microsoft Edge and Mozilla Firefox. Here’s what you need to know.
WarmCookie Windows Backdoor was installed by fake web browser updates
Security researchers at Gen Threat Labs have warned users of the most popular web browser apps to beware of an ongoing attack campaign targeting them via fake updates. A post on X has warned that attackers are distributing the Windows WarmCookie backdoor malware through compromised sites.
It seems that the campaign is run by a well-known group of criminal hackers named SocGholish, which is behind the websites that are either created or hacked to display fake browser update messages when visitors land.
WarmCookie as a threat is not itself new. It dates to late 2022, when threat intelligence researchers at eSentire found it being distributed by fake job sites. The move to fake web browser security updates as a method to spread malware is ominous, to say the least. Not least because, along with most other security professionals and journalists who cover the cybersecurity field, I’ve been shouting the “update now” mantra for decades when it comes to patching security vulnerabilities in your browser.
This message, therefore, has not actually changed. You should ensure that your browser, whatever brand you choose to use, is updated as soon as possible after a security patch is released. What you shouldn’t do, and what this warning is ultimately about, is update it by any means other than using the built-in tools. Definitely avoid any pop-up or notification from a website asking you to download an update, no matter how realistic, genuine and pressing it may seem.
How to safely secure your browser with an update
Okay, first things first: you don’t have to do anything. It’s true. If you just leave things alone, your browser will automatically update to the latest version. Mostly. The problem of not updating is really a problem of not activating the update, and this is especially true for those who keep dozens of tabs open and never close and restart the browser itself. That restart is required to activate the installed security update, so I always recommend that users start the process manually and as soon as possible after learning that a patch is available.
Well, with that in mind, I recommend that you continue to manually update your browser, even with automatic updates enabled. To do this in Chrome (other browsers are similar), go to Help|About in the menu. If an update is available, the download will start automatically.
Then close all your tabs and hit the restart button, which will restart the browser and activate the patch.