The “Google Chrome Update” You See Could Be Hackers’ Trick

Researchers from Russia recently found a fake Google Chrome update. Thousands of victims have fallen for this dangerous backdoor, which poses as an official Google Chrome update. As we all know, keeping your devices and software updated and patched is one of the most important ways to defend against cybercrime. However, we have to ensure that the update or patch is officially issued by the vendor. Otherwise, the measure you take to secure your devices and data may eventually lead to a data breach. According to the report released on March 19, Google has already paused all upcoming Chrome updates and will skip the next point release, Chrome 82, due to the outbreak of COVID-19.

The researchers who discovered the fake Google Chrome update warned users that the convincing Google Chrome update download is being linked to from multiple WordPress-powered sites that have been compromised by hackers. Those sites, including everything from news blogs to official corporate sites, have been hit by a threat actor with a history of successful hacking campaigns. Therefore, we believe that experienced hackers are behind the fake Google Chrome update. To create the chain of infection, the hackers gained administrative control of multiple sites; once admin access was achieved, they embedded a malicious JavaScript redirection script that sends visitors straight to what appears to be a legitimate Google Chrome update page.

The fake Google Chrome update is not just illegal, but malicious. According to the researchers, this malicious update had been downloaded over 2,000 times. When the file is executed, the TeamViewer remote control application is installed without the victim noticing. Along with the installation come password-protected archives containing the files that the threat actors use to hide the malware from Windows antivirus protection. A sophisticated data stealer comes as part of this dangerous package. Based on the investigation of geolocation and browser detection, victims are from various countries, including the United States, Canada, Israel, Australia, Turkey, and the United Kingdom. Please note that the Google Chrome web browser includes a feature for automatically updating itself. To check the version of your browser, go to Help | About Google Chrome from the “three dots” dropdown menu in the top right-hand corner of the browser. As of March 26, the latest version is 80.0.3987.149.
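
One way to check that a downloaded installer really comes from the vendor before running it, as an added example that is not part of the original report: the PowerShell function below validates the file's Authenticode signature and reads the download origin that Windows records with the file. The function name, the expected signer name, the allowed host, and the file name in the sample call are assumptions to adjust for your environment.

```powershell
# Added example (not from the original report). Checks a downloaded installer
# before it is run. Test-InstallerOrigin is a hypothetical helper name; the
# expected signer and allowed host defaults are assumptions.
function Test-InstallerOrigin {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string]   $ExpectedSigner = 'Google LLC',   # assumption: vendor signer name
        [string[]] $AllowedHosts   = @('google.com') # assumption: vendor download domain
    )

    $findings = @()

    # 1. Authenticode: the signature must validate and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is '$($sig.Status)'"
    }
    else {
        # A valid signature is not enough: anyone can buy a code-signing
        # certificate, so compare the signer name with the expected vendor.
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
        if ($signer -ne $ExpectedSigner) {
            $findings += "Signed by '$signer', expected '$ExpectedSigner'"
        }
    }

    # 2. Mark of the Web: browsers store the download URL in the
    #    Zone.Identifier alternate data stream (NTFS only).
    $zone    = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
    if ($hostUrl) {
        $dlHost = ([uri]$hostUrl).Host
        # Accept the vendor domain itself or any of its subdomains.
        $ok = $AllowedHosts | Where-Object { $dlHost -eq $_ -or $dlHost.EndsWith(".$_") }
        if (-not $ok) { $findings += "Downloaded from unexpected host '$dlHost'" }
    }
    else {
        $findings += 'No download origin recorded (Zone.Identifier missing)'
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Sample call; the file name is an assumption.
Test-InstallerOrigin -Path "$env:USERPROFILE\Downloads\ChromeSetup.exe"
```

A file reached through a redirect from a compromised site fails the second check even if it carries some valid signature, and an unsigned or differently signed file fails the first.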

When your company needs a CISO to fulfill such information security needs, a vCISO can be an efficient and more affordable option than hiring a person to sit in the office. LIFARS’ CISO as a Service is designed to address organizations’ information security leadership needs. Our CISOs are highly skilled at establishing, improving, and transforming cybersecurity programs focused on maximizing business value by minimizing risks and optimizing opportunities. LIFARS’ astute Information Risk Management leaders can discern security needs, design effective solutions and programs, and deliver results while steering through challenging organizational culture. Their more than 20 years of security, risk, and compliance leadership experience spans various industries and globally dispersed organizations. Below are examples of some key areas delivered via LIFARS vCISOs:

  • Information Risk Management
  • Cybersecurity strategy
  • Cybersecurity Governance
  • Cybersecurity Operations Management



Contact LIFARS Immediately

If Your Organization Needs vCISO