Ignore These Fake Chrome Errors That Ask You to Install Malware
Google Chrome isn’t doing very well this year. Back in May, the Google-built browser was hit by at least four zero-day exploits, all of which Google was able to fix in a fairly timely manner, forcing Chrome users to update quite frequently. However, it looks like a new exploit has emerged, and it’s quite a clever one.
The latest attempt to trick Chrome users into installing malware on their computers comes in the form of fake bugs, according to a new report from ProofPoint. According to the security company, false errors can also appear as Word and OneDrive errors.
The campaign is being used by several attackers, including the group behind a new attack called ClickFix, as well as those behind existing attacks such as ClearFake. The well-known attacker TA571 is also believed to be involved. Similar to previous ClearFake attacks that used website overlays to lure visitors into installing fake browser updates riddled with malware, the new threat causes a pop-up to appear on the screen prompting users to fix the problem in their browser.
The instructions included in the fake Chrome bug tell users to click a “copy” button and then paste the “fix” into their Windows Powershell application, running it as an administrator. This is exceptionally bad news because it gives the instructions inside the copied command full access to your computer.
ProofPoint says the team checks to see if a computer is a viable target and then essentially opens the floodgates for various malware to be installed on it. One of the main downloads included in the package is an information theft program that can collect your personal information for criminals, allowing them to use it as they wish.
ProofPoint also reported that the malware is spreading through an email infection chain that uses an HTML attachment posing as a Word Online extension. When you try to open it, you will receive an error message asking you to follow the same steps as for the Chrome error. The team’s basics are slightly different, ProofPoint notes, but the overall goal is the same: install malware on your computer so attackers can get your data.
Legitimate Chrome or Microsoft Word messages will never ask you to paste anything into Windows Powershell. If you are concerned that you may already be infected, run an antivirus or malware scan as soon as possible.