Malware distribution on users’ computers is achieved through phony browser updates presented on websites that hackers have hijacked.
When a user visits a hacked website, they may see a message purporting to be from the browser’s developer (such as Chrome, Firefox, or Edge) advising them to update their browser.
The link leads users to download harmful software instead of a secure browser update.
Although Proofpoint has not identified any instances of threat actors distributing harmful links via emails, it has detected compromised URLs in email traffic through various means, owing to the complexity of the problem.
Attackers use various techniques to filter traffic in each campaign, making it difficult for researchers to detect and analyze. Despite the differences in methods, they are all effective at obfuscating the attack.
While this may limit the reach of the malicious payload, it also allows the attackers to maintain access to the compromised sites for extended periods.
SocGholish:
Over the course of several years, there have been various discussions centered around the dangers of fake browser update lures. Among the many threats discussed, SocGholish has been identified as the most prominent one.
RogueRaticate/FakeSG:
A fraudulent browser update initiative, named RogueRaticate or FakeSG, has been detected. This scheme involves the injection of complex, hard-to-read JavaScript code into already existing JavaScript files.
Read more: cybersecuritynews.com
