Beware of the “Chrome Update” Scam
Software updates are important and inevitable. To enhance functionality and resolve existing security issues, you need to update your applications and computers. If you avoid updates, you may find that some programs, features, or even websites stop working properly.
However, if you visit a website and see a prompt to update Chrome to continue, run. Most likely, you have just encountered a scam. Don’t fall for it.
WordPress sites get hacked
The scam in question targets WordPress websites – 10,000 of them, in fact, according to c/side, a web security company whose research has uncovered ongoing attacks.
Here’s what’s happening: Hackers are breaking into sites running outdated versions of WordPress and plugins. (c/side suggests that attackers are exploiting a vulnerability in a specific WordPress plugin to carry out their schemes.) Attackers are using two types of “popular” malware variants: AMOS (Atomic macOS Stealer), which attacks Apple devices, and SocGholish, which targets Windows devices.
When you visit one of these affected websites, the hackers override the site’s actual content, creating a new fake page. This manipulated content is supposedly a warning that you need to update your browser to visit this site because the page uses the “new Chrome engine.” Hackers add several different elements to this page to sell the scam, including two different upgrade options, a checkbox to sign up for automatic usage statistics and crash reports, and links to Google, Chrome, and ChromeOS Terms of Service. You’ll also see the Chrome logo, various menu options, and a rendering of the Chrome window.
These hackers are smarter than most. To the untrained eye, this warning page may look very real. Of course, there are some red flags: hackers aren’t very good at grammar and don’t capitalize the word “Chromium” or the first word in “downloading Chrome.” You also wouldn’t expect Google to use a comma in the message saying that the site uses the new Chrome engine and must be updated to continue.
But if you’re trying to access a site and see a pop-up message, a quick glance may not be enough to distinguish it from a typical Google Chrome update warning. However, if you choose one of the upgrade options, this is where the problems start. The hackers’ goal is to trick you into downloading a malicious file onto your computer. Whether you use a Mac or PC, this malware is designed to steal your password and other important information. For example, AMOS malware steals data from Mac computers, such as usernames, passwords, cookies, and crypto wallets.
Obviously, this type of hacking is dangerous. Imagine that you accidentally downloaded this “update” to your computer and the malware proceeded to collect your usernames and passwords. It can then send them to the hackers, who will take this information and hack into your accounts, especially financial ones.
c/side has not revealed the full list of affected websites, but says some of the most popular websites on the Internet are affected.
Where to go from here
If you’re running a WordPress site, c/side recommends updating your WordPress installation and plugins and removing anything you no longer use. You should also look for any of the scripts identified by researchers and check for any signs of malicious activity.
For the rest of us, if you think you have downloaded any malicious files from these websites, you should clean up your computer as soon as possible. You can try to identify the compromised files and remove them, or you can try a program that can scan your computer for you, such as Malwarebytes or Bitdefender. (c/side also offers a similar service, which it advertises in its findings.)