Malicious ads lead to fake browser updates
Every now and then, malware peddlers employ the “Your browser is out of date, download the update here” approach to saddling inexperienced users with their malicious wares.
StopMalwertising warns of another upswing of this particular tactic, which starts with malicious ads leading to pages able to detect which browser users use and serve them with a fake notification about them needing to update their browser:
The landing page was initially located on securebrowserupdate.com, but has since been removed. Still, you can bet on the fact that there are more like it out there.
“At securebrowserupdate.com there’s an update for every browser. If the script can’t make up which browser you’re running, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download,” they share.
These served pages have the look and the feel of the legitimate browsers’ sites they are trying to impersonate, so it’s understandable how some users might fall for the scheme. According to Trend Micro, French, US and Spanish users are among the most targeted / gullible.
“Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload,” Trend Micro researchers shared.
“The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saves it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user’s Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user’s system.”
StopMalwertising detected another JavaScript on the site, which apparently pops up requests and notifications such as:
- Sent to your number sms with a secret code. Enter your confirmation code activation.
- An error occurred while processing the request server.
- Software is successfully activated.
Obviously, users are in additional danger of sending an SMS to a premium rate service in order to activate the bogus updates.
While avoiding schemes like this altogether isn’t possible, it is actually very easy not to fall for them: simply make sure to download browser updates only from their official sites (type in the correct URL yourself), or set the browser to update itself automatically.