Threat Management

Fake Google Chrome updates leveraged in malware distribution campaign

Share

Several websites, including news sites, blogs, online stores, and adult sites, have been compromised with scripts enabling fraudulent Google Chrome automatic update prompts that facilitate malware distribution, BleepingComputer reports. Malicious JavaScript code is being sent to commence the attack, which will be followed by subsequent downloads of additional scripts, whose origins have been obfuscated by the usage of the Pinata InterPlanetary File System service, a report from NTT showed. Fake Google Chrome error screens indicating a required automatic update will then trigger the download of a 'release.zip' file that has a Monero miner, which leverages the bring your own vulnerable driver technique to facilitate WinRing0x64.sys vulnerability exploitation and acquisition of SYSTEM privileges. Aside from including scheduled tasks and conducting Windows Defender exclusions, the Monero miner also halts Windows Update and disables antivirus systems before connecting to xmr.2miners[.]com, which is then followed by Monero mining. Such an attack could be prevented by avoiding security update downloads from third-party sites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.