Security Warning for Google Chrome Users Over New Cyber Attack Tactic

Criminals are constantly devising new ways to target a “mark” and grift them out of their money or sensitive information.

The cybersecurity company Proofpoint has uncovered a hack that targets the Google Chrome, Microsoft Word, and OneDrive applications. 

In this type of attack, users are tricked into downloading malicious software by means of bogus error warnings that are presented as a “fix.” Cybercriminals employ email and pop-up windows to trick users into thinking there’s an urgent software update required due to a problem. 

While the hack may capture any kind of sensitive data stored digitally, some of the new software seems tailor-made to steal Bitcoin and other cryptocurrencies. Proofpoint, which discovered the new hacking technique, was created by an ex-chief technologist for Netscape. Cleverly masquerading as an official message from the OS, the latest style of “fake error messages” is here to stay. The method asks users to open a “command-line shell,” especially PowerShell, Microsoft’s command-line tool for Windows, and appears to be an official request from tech titans Google and Microsoft.

At least for the time being, Apple iOS customers shouldn’t be worried; cybersecurity experts have only seen these hackers utilize PowerShell to distribute this particular “fake fix” approach. The company noted that this attack chain requires heavy user interaction and presents the issue and its solution simultaneously, allowing the viewer to act quickly without weighing the risks.

Every one of these hacks uses JavaScript, either in HTML email attachments or on completely hijacked websites, to generate false error messages. According to Proofpoint’s investigators, this rudimentary hacking technique may be used to impersonate other legitimate software update requests.

Two intriguing pieces of malware provided insight into the hackers’ goals.

A file called ‘ma.exe’ executed a cryptocurrency mining program called XMRig with specific settings, and ‘cl.exe’ was programmed to replace cryptocurrency addresses copied into the clipboard.