A dangerous new browser attack is targeting Windows users, exploiting social engineering tactics to lure unsuspecting victims into downloading malicious software.
This latest threat, discovered by Palo Alto Networks’ Unit 42, affects Microsoft Windows users on Chrome, Edge, and Firefox browsers.
How the Attack Works
The attackers inject harmful JavaScript into legitimate websites, tricking users into believing their browser is out of date and needs a critical security update.
These fake update warnings, with urgency-driven messages like “Critical Security Update Required,” encourage users to click a link to install the update.
But clicking on this link only installs malware, including the NetSupport RAT. This remote access tool allows attackers to control your device, exfiltrate data, and even alter Windows Registry settings to maintain long-term access.
What the Malware Does
The malicious software doesn’t stop at gaining control of your device. It also delivers a secondary payload: StealC, a credential-stealing malware that hunts for login data to bypass your security. This allows cybercriminals to potentially access your sensitive information.
Mitigation and Prevention Tips
To protect yourself from this threat, Palo Alto Networks offers several precautions:
- Block known malicious domains linked to this attack, like poormet[.]com and cinaweine[.]shop.
- Monitor unusual processes on your device, such as mfpmp.exe establishing network connections.
- Restrict PowerShell execution to prevent unauthorized scripts from running.
- Educate users and employees on recognizing fake browser updates and remind them that browsers typically update automatically without requiring manual downloads.
This ongoing attack highlights the growing risk of fake browser updates and the need for caution when downloading software or updates online. Always use trusted sources to install or update your browser.
