Fake Browser Updates Deliver Malware

According to a recent alert from StopMalvertising.com, cybercriminals are leveraging the announcement of recent Chrome and Firefox browser updates to distribute malware.

“Internet users are told that their current browser version is out of date and they are invited to install the latest update,” the alert states. “Victims are redirected to securebrowserupdate.com via a malvertisement. The domain securebrowserupdate.com has been registered on the 16th November 2012 via name.com. The registrant details are protected by a privacy service.”

“To make the scam appear genuine, the software behind the pop-up window can typically determine which browser is in use at the time,” writes CRN’s Ken Presti. “A number of options are presented for update, but none of the identifiers match current versions of either browser.”

“Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload,” writes TrendLabs threats analyst Roddell Santos. “The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saved it as {Browser Download Path}install.exe.”

“The Trojan will change the browser’s home page to a site hosting additional malware, putting the user at further risk,” writes Threatpost’s Michael Mimoso.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles