Fraudulent Browser Updates Are Propagating BitRAT and Lumma Stealer Malware

 

Fake web browser updates are being used to spread remote access trojans (RATs) and information stealer malware like BitRAT and Lumma Stealer (aka LummaC2). 

“Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,” cybersecurity company eSentire stated in recent research. “In April 2024, we observed FakeBat being distributed via similar fake update mechanisms.”

The attack chain begins when potential targets visit a fake website with JavaScript code that redirects them to a fraudulent browser update page (“chatgpt-app[.]cloud”). The redirected web page includes a download link to a ZIP archive file (“Update.zip”) located on Discord that is automatically downloaded to the victim’s device.

It’s worth noting that threat actors frequently use Discord as an attack vector, with Bitdefender’s recent study revealing more than 50,000 unsecured connections propagating malware, phishing campaigns, and spam during the past six months.
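Defenders can hunt for the delivery step described above in web proxy logs: an archive fetched from Discord's attachment CDN while the referring page is not a Discord property. The sketch below is an added example, not code from the original article or from eSentire; the CDN hostnames, the record layout, and the sample records (which use placeholder `.example` domains) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit
import posixpath

# Assumption: hostnames that serve Discord attachments; adjust to your own telemetry.
DISCORD_CDN = {"cdn.discordapp.com", "media.discordapp.net"}
DISCORD_SITES = ("discord.com", "discordapp.com", "discordapp.net")
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso"}

# Constructed sample proxy records: (epoch seconds, client IP, URL, referrer)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "https://blog.example/post", ""),
    (1002, "10.0.0.5", "https://fake-update.example/", "https://blog.example/post"),
    (1003, "10.0.0.5", "https://cdn.discordapp.com/attachments/1/2/Update.zip",
     "https://fake-update.example/"),
    (2000, "10.0.0.9", "https://cdn.discordapp.com/attachments/3/4/notes.zip",
     "https://discord.com/channels/3/4"),
    (3000, "10.0.0.7", "https://cdn.discordapp.com/attachments/5/6/cat.png",
     "https://forum.example/t/1"),
]

def _host(url):
    """Lower-cased hostname of a URL, or '' when absent or unparsable."""
    return (urlsplit(url).hostname or "").lower()

def _is_discord_site(host):
    return any(host == d or host.endswith("." + d) for d in DISCORD_SITES)

def flag_offsite_discord_archives(records):
    """Return archive downloads from Discord's CDN whose referrer is a non-Discord site."""
    hits = []
    for ts, client, url, referrer in records:
        path = urlsplit(url).path
        ext = posixpath.splitext(path)[1].lower()
        if _host(url) not in DISCORD_CDN or ext not in ARCHIVE_EXT:
            continue
        ref_host = _host(referrer)
        # Pages can suppress the Referer header, so an empty referrer is not
        # flagged here; treat this rule as one signal among several.
        if ref_host and not _is_discord_site(ref_host):
            hits.append({"time": ts, "client": client,
                         "file": posixpath.basename(path), "referrer": ref_host})
    return hits

if __name__ == "__main__":
    for hit in flag_offsite_discord_archives(SAMPLE_LOG):
        print(hit)
```

Hits are triage leads rather than verdicts: follow up by checking whether the archive was extracted and executed on the client.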

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
