New research has warned millions of users that taking steps to fix Google Chrome could be the catalyst that infects your computer with malware.
Experts at cyber security firm Proofpoint have discovered a dangerous campaign that poses as a fake update on your Google Chrome web browser to force you to download malicious code. Following the steps described in the fraudulent pop-up will launch a Trojan horse-like attack on your computer.
Hackers can then go through the personal data stored on your desktop or laptop computer, researchers say detailed blog post about the newly discovered attack.
Security experts have uncovered several examples of fraudulent Google Chrome pop-ups that encourage users of the web browser to insert malicious code into a terminal window on their computer.
PROOFPOINT
Even worse, malicious software can be deployed to divert any cryptocurrency sent from your computer into hackers’ pockets, security experts warn. Proofpoint researchers did not disclose how much money they believe has been stolen from computer owners around the world using this technique.
“Oops, error! Something went wrong while displaying this website,” reads one example of a fraudulent pop-up message discovered by security experts. “To display this website correctly, please install a root certificate. Click the ‘Repair’ button and follow the next instructions.”
Another reads: “Something went wrong while displaying this website. There was an error when the browser version was last updated, which caused some websites to not work.”
Both fraudulent pop-ups prompt users to copy the malware code by clicking a button, launch Windows Powershell (Admin) – a pre-installed application that allows users to control and automate parts of the operating system – from the Start menu, paste the malicious code and run it in a Terminal window.
In other words: it’s a step-by-step guide that teaches Windows users to carry out the attack themselves.
This technique of using “false error messages,” the researchers warned, “is clever and purports to be an authoritative notification coming from the operating system.”
Any individual or application that instructs you to run unknown code in a terminal or shell should raise alarm bells, the researchers advise. This deep level of system access allows hackers to cause massive damage.
And not only Google Chrome users should beware of this type of attack. Proofpoint researchers discovered evidence of a very similar attack targeting Microsoft Word users.
The malicious pop-up is designed to look like a legitimate warning from Microsoft and – like the attack targeting Google Chrome users – will force unsuspecting users to enter code into a terminal.
“The ‘Word Online’ extension is not installed in your browser. To view the document offline, click the ‘How to fix’ button,” reads one example of these fraudulent warnings.
Although the browser-based version of Microsoft Word works on all platforms, the hack is designed specifically for the Windows operating system. So the latest campaign from hackers will only affect those who have Windows 10 or Windows 11.
Another example of this type of attack highlighted by researchers at Proofpoint targets people using Microsoft Word in their browser.
PROOFPOINT
The researchers point out that this attack “requires significant user interaction to be successful,” which could limit its impact globally. Proofpoint researchers add: “Organizations should train users to identify activity and report suspicious activity to their security teams.
“This is very specific training, but it can be easily integrated into an existing user training program.”
THE LATEST DEVELOPMENT
The applications will be Google Chrome and Microsoft Word never prompts you to manually enter a code into another app to unlock features. If any of the above pop-up warnings – or similar instructions – appear on your computer, proceed with extreme caution.