Many Users Hacked Via Fake Google Chrome Update From Compromised WordPress Websites

  •  
  •  
  •  
  • 1
  • 1
  •  
  •  
    2
    Shares

Hackers are exploiting various websites to conduct phishing attacks. These websites redirect users to fake sites prompting a malicious Chrome update.

Fake Chrome Update Distributing Backdoor

Analysts from Dr.Web have found hackers actively targeting users with a malicious Chrome update. This update runs a backdoor on the target device which then facilitates subsequent malware attacks.

According to their report, this phishing campaign is in the wild where the hackers are distributing malware after hacking different websites. They managed to gain admin access to the target websites and embed malicious JavaScript code on the compromised pages.

When a visitor reaches the infected pages, it redirects the user to the phishing website. This site tempts the visitor to download a fake Chrome browser update.

Fake Chrome update
Source: Doctor Web

Since the phishing page looks legit, users may click on the download button and unknowingly welcome the backdoor.

Regarding the infection mechanism, briefly, executing the installer creates a folder in the %userappdata% directory containing files for the TeamViewer app. It then extracts two password-protected SFX archives, one of which is a malicious msi.dll library which facilitates in establishing the unauthorized connection to the target device. The second archive includes a script to bypass Microsoft AV detection.

Once the presence is established, hackers may then use the backdoor to deliver payloads such as keyloggers, infostealers, or trojans for remote connection.

Presently, these attacks seem targeted to location and browser. They are specifically targeting users of the Chrome browser in the USA, UK, Canada, Australia, Israel, and Turkey.

Exploitation Of WordPress Sites Continues

As revealed through their study, the hackers have compromised different WordPress CMS-based websites to spread the malware. Though, it is not yet known the method the attackers managed to compromise the different sites.

This study once again sheds light on the vulnerability of WordPress sites to cyber attacks, especially through the exploitation of vulnerable WordPress plugins.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!