A fake Google Chrome Update has been found by researchers from Russia recently. Thousands of victims fall into the trap of this dangerous backdoor that pretends as an official Google Chrome update. As we all know that keep your devices and software updated and patched is one of the most important ways to defend against cybercrimes. However, we have to ensure the update and patch are officially issued by vendors. Otherwise, the measure you take for securing your devices and data may eventually lead to a data breach. According to the report released on March 19, Google has already paused all the upcoming Chrome updates and skip the next point release, which is Chrome82, due to the outbreak of COVID-19.
The fake Google Chrome update is not just illegal, but malicious. According to the researchers, this malicious update had been downloaded over 2,000 times. When the file is executed, the TeamViewer remote control application will be installed without the notice of the victim. Along with the installation, password-protected archives contain the files that the threat actors use to obfuscate the malware from Windows antivirus protection. Sophisticated data-stealer comes as part of this dangerous package. Base on the investigation of geolocation and browser detection, victims are from various countries including the United States, Canada, Israel, Australia, Turkey, and the United Kingdom. Please notice that the Google Chrome web browser includes the feature of automatically updating itself. In order to check the version of your browser, you can go to Help|About Google Chrome from the “three dots” dropdown menu in the top right-hand corner of the browser. By March 26, the latest version is 80.0.3987.149.
When your company may need a CISO to fulfill such information security needs, other than hiring a person sitting in the office, vCISO can be an efficient and more affordable option. LIFARS’ CISO as a Service is designed to address organizations’ information security leadership needs. Our CISOs are highly skilled at establishing, improving, and transforming Cybersecurity Programs focused on maximizing business values by minimizing risks and optimizing opportunities. LIFARS’ astute Information Risk Management leaders can discern security needs, design effective solutions & program, and deliver results while steering through challenging organizational culture. Their over 20 years of security, risk, and compliance leadership experience encompassed various industries and globally dispersed organizations. Below are examples of some key areas delivered via LIFARS vCISOs:
- Information Risk Management
- Cybersecurity strategy
- Cybersecurity Governance
- Cybersecurity Operations Management