Software updates are crucial for maintaining security and functionality in your applications and devices. Regularly updating your software helps to enhance features and address existing security vulnerabilities. Neglecting these updates can result in programs, functions, or even websites not operating as intended.
However, if you encounter a prompt to update Chrome while visiting a website, it’s best to be cautious. This could very well be a scam. Avoid falling for it.
WordPress Sites Under Attack
The scam specifically targets WordPress websites, over 10,000 of them. The attacks were uncovered in research by c/side, a web security firm.
Here’s the situation: Hackers are compromising sites that are running outdated versions of WordPress and its plugins. (c/side suggests that attackers are exploiting a vulnerability in a specific WordPress plugin to execute their schemes.) The attackers are utilizing two notorious malware variants: AMOS (Atomic macOS Stealer), targeting Apple devices, and SocGholish, which is aimed at Windows devices.
When users visit these infected websites, hackers replace the original content with a fraudulent page. This fake content claims that an update is necessary to continue using the browser, stating the need for “the new chromium engine.” The hackers enhance this deceitful page with various elements to sell the scam, including multiple update options, a checkbox for signing up for automatic usage statistics, and links to Google’s, Chrome’s, and ChromeOS’ Terms of Service. Users will also see a Chrome logo, various menu options, and a mock-up of a Chrome window.

These hackers are remarkably cunning. To an untrained observer, this alert page might seem convincingly real. There are, however, some telltale signs: The hackers often struggle with grammar, neglecting to capitalize “Chromium,” or the first word in phrases like “by downloading Chrome.” You wouldn’t typically expect to see a comma in a message such as “The site uses the new chromium engine, to continue it needs to be updated.”
If you see this message while trying to access a site, a quick look might not suffice to differentiate it from a legitimate Google Chrome update alert. However, if you click on one of the update options, that’s where the real trouble begins. The hackers aim to trick you into downloading malicious software onto your machine. Whether you’re on a Mac or PC, this malware is designed to capture your passwords and other sensitive information. For instance, AMOS malware can extract data from Macs, including usernames, passwords, cookies, and cryptocurrency wallets.
The risks associated with this type of hacking are severe. Imagine inadvertently downloading this “update” onto your computer, allowing the malware to harvest your usernames and passwords. This information could then be relayed back to the hackers, who could potentially gain access to your accounts, especially your financial accounts.
While c/side has not disclosed a full list of the affected websites, it has stated that many popular sites are involved.
Next Steps
If you manage a WordPress site, c/side advises promptly updating your WordPress installation and plugins, as well as removing any that are no longer in use. Additionally, search for any scripts identified by the researchers and monitor for any signs of malicious activity.
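For site owners, one way to start that search is sketched below. It is an added example, not code from c/side or from the original article. It audits a saved copy of a page for script hosts you do not recognize and for the lure wording quoted above. The function name, the allow-list and every host in the sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording the article quotes from the fake update page.
LURE_PHRASES = ("the new chromium engine", "to continue it needs to be updated")

class _Scan(HTMLParser):
    """Collects script source hosts and all text, including inline script bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hosts, self.chunks = set(), []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        host = urlparse(src).hostname if src else None
        if host:  # relative URLs have no host and are same-site
            self.hosts.add(host)

    def handle_data(self, data):
        self.chunks.append(data)

def audit_page(html, site_host, allowed_hosts=()):
    """Return script hosts to review and any lure phrases found in one page."""
    scan = _Scan()
    scan.feed(html)
    scan.close()
    known = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    # Collapse whitespace so phrases split across lines still match.
    text = re.sub(r"\s+", " ", " ".join(scan.chunks)).lower()
    return {
        "unexpected_script_hosts": sorted(scan.hosts - known),
        "lure_phrases": [p for p in LURE_PHRASES if p in text],
    }

# Constructed sample page; every host here is a placeholder.
SAMPLE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://stats.example.net/a.js"></script>
<script src="//unknown-host.example/loader.js"></script>
</head><body><h1>Update</h1>
<p>The site uses the new   chromium engine,
to continue it needs to be updated.</p></body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE, "blog.example.org", allowed_hosts=("stats.example.net",)))
```

An unexpected host is a prompt for manual review, not proof of compromise, and a page whose content is swapped by a script at load time may show only the unfamiliar script host in its saved source.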
For those who suspect they may have downloaded malicious files from these sites, it’s vital to clean your machine immediately. You can attempt to identify and remove compromised files yourself, or you may prefer to use a program that can scan your system, such as Malwarebytes or Bitdefender. (c/side offers a similar service, which it promotes in its findings.)