Watch Out for This ‘Chrome Update’ Scam


Software updates are important and inevitable. To expand features and patch existing security issues, you need to update your apps and machines. If you avoid updating, you might find certain programs, functions, or even websites stop working as they should.

However, if you visit a website, and you see a prompt to update Chrome in order to proceed, run away. In all likelihood, you just encountered a scam. Don’t fall for it.

WordPress sites are getting hacked

The scam in question is targeting WordPress websites—10,000 of them, in fact. That’s according to c/side, a web security company, whose research uncovered the current attacks.

Here’s what’s going on: Hackers are hijacking sites that are running outdated versions of WordPress and plugins. (c/side hypothesizes attackers are exploiting a vulnerability in a particular WordPress plugin to execute their schemes.) Attackers are using two types of “popular” malware variants: AMOS (Atomic macOS Stealer), which goes after Apple devices, and SocGholish, which is designed for Windows devices.

When you visit one of these affected websites, hackers override the actual content of the site with a new, fake page. This manipulated content purports to be an alert that you need to update your browser in order to visit this site, as the page uses “the new chromium engine.” The hackers sprinkle in a few different elements on this page to sell the scam, including two different update options, a check box to sign up for automatic usage stats and crash reports, and links to Google’s, Chrome’s, and ChromeOS’ Terms of Service. You’ll also see a Chrome logo, different menu options, and a rendering of a Chrome window.


Credit: c/side

These hackers are more clever than most. To an untrained eye, this alert page might look quite real. There are some red flags, of course: The hackers don’t have the best grip on grammar, and haven’t capitalized “Chromium,” or the first word in “by downloading Chrome.” You also wouldn’t expect Google to join two sentences with a comma, as in “The site uses the new chromium engine, to continue it needs to be updated.”

But if you’re trying to access a site and you see this message pop up, a quick glance might not be enough to distinguish this from a typical Google Chrome update alert. However, if you click one of the update options, that’s where the trouble starts. The hackers’ goal is to get you to download a malicious file onto your machine. Whether you have a Mac or a PC, this malware is designed to steal your password and other important information. AMOS malware, for example, steals data from Macs like usernames, passwords, cookies, and crypto wallets.

Obviously, this type of hacking is dangerous. Imagine you inadvertently download this “update” onto your computer, and the malware gets to work scraping your usernames and passwords. It can then report back to the hackers, who take that information and break into your accounts—particularly your financial accounts.

c/side hasn’t disclosed a full list of the affected websites, but says that some of the internet’s most popular websites are affected.

Where to go from here

If you run a WordPress site, c/side recommends updating your WordPress installation and plugins and removing any you no longer use. You should also look for any of the scripts the researchers identified and for any signs of malicious activity.

For the rest of us, if you believe you downloaded any malicious files from these websites, you should clear out your machine as soon as possible. You could try to identify the compromised files and remove them, but you may want to try a program that can scan your machine for you, such as Malwarebytes or Bitdefender. (c/side offers a similar service as well, which it promotes in its findings.)



