[ADVISORY ALERT] 'Chrome Update' Scam!
In toto, we are wholly pasting here the alert from Lifehacker.com [dated January 31, 2025]: @ https://lifehacker.com/tech/chrome-update-scam-wordpress-sites?utm_source=email&utm_medium=newsletter&utm_campaign=thedownload&zdee=gAAAAABl_RKRQ6UZytNNCbikeuTyJ5kxb3eILhy_zw1ERxD2HTRQBkA0bISJ31SxQ6TXEykbz_aFrxLTRG8PSKGQ8Fnr9ZEikw6ZT1oDZsGGdrWh3StAbO8%3D&lctg=45443382888[ADVISORY ALERT] 'Chrome Update' Scam!Software updates are important and inevitable. To expand features and patch existing security issues, you need to update your apps and machines. If you avoid updating, you might find certain programs, functions, or even websites stop working as they should. However, if you visit a website, and you see a prompt to update Chrome in order to proceed, run away. In all likelihood, you just encountered a scam. Don't fall for it.The scam in question is targeting WordPress websites—10,000 of them, in fact. That's according to c/side, a web security company, whose research uncovered the current attacks.
Here's what's going on: Hackers are hijacking sites that are running outdated versions of WordPress and plugins. (c/side hypothesizes attackers are exploiting a vulnerability in a particular WordPress plugin to execute their schemes.) Attackers are using two types of "popular" malware variants: AMOS (Atomic macOS Stealer), which goes after Apple devices, and SocGholish, which is designed for Windows devices.
When you visit one of these affected websites, hackers override the actual content of the site with a new, fake page. This manipulated content purports to be an alert that you need to update your browser in order to visit this site, as the page uses "the new chromium engine." The hackers sprinkle in a few different elements on this page to sell the scam, including two different update options, a check box to sign up or automatic usage stats and crash reports, and links to Google's, Chrome's, and ChromeOS' Terms of Service. You'll also see a Chrome logo, different menu options, and a rendering of a Chrome window.Our takeaway here: Let's continue to sharpen our eyes in ensuring that an UPDATE prompt LEGITIMATELY comes from a LEGITIMATE source website owned by the LEGITIMATE software. As I am a 'full-blown' end-user of Chrome, be literally WATCHFUL because there are tons and tons of Chrome ADD-INs. Ensure that every ADD-IN is LEGITIMATELY sourced. To be forewarned is to be forearmed❗❗❗
No comments:
Post a Comment