Taking action to fix your Google Chrome browser could be the catalyst that infects your computer with malware, millions of users have been warned by new research.
Experts from cybersecurity firm Proofpoint have discovered a dangerous campaign that presents a fake update inside your Google Chrome web browser to force you to download malicious code. Following the steps outlined in the deceptive window will launch a Trojan horse-like attack on your computer.
Hackers can then go through personal data stored on your desktop computer or laptop, researchers describe a detailed blog post regarding the newly discovered attack.
Security experts have discovered several examples of Google Chrome pop-ups that encourage users of the web browser to paste malicious code into a terminal window on their computer
PROFIT POINT
Worse yet, the malware can be deployed to redirect any cryptocurrency sent from your computer to hackers’ pockets, security experts warn. Proofpoint researchers have not disclosed how much money they believe has been stolen from computer owners around the world using this technique.
“Ah, Snap! Something went wrong while displaying this web page,” reads an example of the spoof message discovered by security experts. “To display this web page correctly, please install the root certificate. Click the Fix it button and follow the further instructions.”
Another says: “Something went wrong while displaying this website. There was an error updating the latest version of the browser, causing some websites to not work.”
Both deceptive pop-ups encourage users to copy malware code with the press of a button, launch Windows Powershell (Admin) – a pre-installed application to enable users to control and automate parts of the operating system – from the menu Start, paste the malicious code and run it inside the terminal window.
In other words: it’s a step-by-step guide that teaches Windows users how to execute the attack themselves.
This technique of using “fake error messages,” the researchers warned, “is clever and pretends to be an authoritative notification coming from the operating system.”
Any individual or application that instructs you to run unknown code inside a terminal or shell should ring alarm bells, the researchers advised. This deep level of system access allows hackers to cause massive damage.
And it’s not just Google Chrome users who need to be wary of this type of attack. Proofpoint researchers have discovered evidence of a very similar attack targeting Microsoft Word users.
The malicious pop-up is designed to look like a legitimate warning from Microsoft and – just like the attack targeting Google Chrome users – will prompt unsuspecting users to enter the code into a terminal.
“The ‘Word Online’ extension is not installed in your browser. To view the document offline, click the ‘How to fix’ button,” says one example of these misleading warnings.
Although the browser-based version of Microsoft Word works on all platforms, the hack is specifically designed for the Windows operating system. As such, only those with Windows 10 or Windows 11 will be affected by the latest campaign from the hackers.
Another example of this type of attack, highlighted by researchers from Proofpoint, targets people using Microsoft Word in their browser.
PROFIT POINT
The researchers point out that this attack “requires significant user interaction to be successful,” which could limit its worldwide impact. Proofpoint researchers add: “Organizations should train users to identify activity and report suspicious activity to their security teams.
“This is very specific training, but it can be easily integrated into an existing user training program.”
RECENT DEVELOPMENTS
Applications will Google Chrome and Microsoft Word never requires you to manually enter the code in another app to unlock features. If any of the above pop-up warnings – or similar instructions – appear on your computer, approach with extreme caution.