There are multiple fake “update your browser” campaigns active right now that are aiming to trick people into installing all kinds of malware on their devices.

A new report from Proofpoint observed at least four different campaigns, delivering different malicious software to the victims. The first thing these groups do is compromise legitimate websites in one of a number of ways, from brute-forcing their way in to leveraging vulnerabilities in different modules of the websites. 

Once they gain access, they modify the site to display a popup that impersonates Google, Mozilla, Microsoft, or other companies with their own browser (depending on what the user is running at the time of the visit). The popup informs the user that their browser is outdated, and if they want to view the content of the site, they need to download and install an update.

Infostealers and other malware

How people end up on these sites is anyone’s guess. Some must be frequent visitors, but others might get a link through an email or a social media message, or could even stumble upon the sites through SEO poisoning or malicious ad campaigns. 

In any case, if they download and run the “update”, they will infect their endpoint with one of these malware (at least in this latest instance): SocGholish, NETSupport RAT, Lumma, Redline, or Raccoon v2. All of these are capable of extracting sensitive information from the victim, which can later be used for either stage-two attacks, or identity theft. 

The best way to protect against these kinds of attacks is to use common sense. None of the biggest browser makers request their users to update their browsers in order to view the content, and even if they do want them to update – they wouldn’t do it through a pop-up window. Most browsers are automatically updated in the background, without user interaction.

More from TechRadar Pro

Services MarketplaceListings, Bookings & Reviews

Entertainment blogs & Forums

Advantages of overseas domestic helper.