Cyber experts warn of new Chrome, Microsoft money-stealing malware

A new and sophisticated malware that impersonates Google Chrome and Microsoft has the potential to steal money from Microsoft device owners, cyber experts warn.

Since March, online protection firm Proofpoint has flagged an ongoing nefarious campaign, seeing “cybercriminal threat actors adopting new, varied, and increasingly creative attack chains.”

This month, Proofpoint identified a larger distribution of the malware. It poses as updates in internet browsers like Chrome and mimics programs like Microsoft Word, all to coerce users into downloading harmful code.

From there, the delayed, Trojan Horse-esque attack gets access to cryptocurrencies and to sensitive files and personal information.

Often, a fake update prompt will pop up in Google Chrome on a “compromised website,” with a message telling the user to “copy the code” provided to the clipboard. It then instructs the user to open PowerShell, Microsoft's command-line shell and scripting tool, and paste the code in themselves, which runs the malware.

[Image: The malware will imitate Google Chrome. Credit: Proofpoint]

From there, the “hijacker” can gain access to the victims’ cryptocurrency.

Specifically, this ploy reroutes the victim’s funds to the perpetrator rather than to the rightful recipient.

Another delivery method is the “email lure,” a ploy similar to phishing.

Emails, typically those that appear to be work- or corporate-related, will contain an HTML (HyperText Markup Language) file that resembles Microsoft Word and displays a variety of error messages.

“‘Word Online’ extension is not installed,” one read, along with phony buttons to click to “fix” it.

Similarly, users were prompted to open PowerShell and paste in malicious code, in a deceptive “campaign” that, according to Proofpoint, was widespread.

[Image: The malware also resembles Microsoft Word. Credit: Proofpoint]

Per Proofpoint, “the campaign included over 100,000 messages and targeted thousands of organizations globally.” 

In a similar fashion, Microsoft’s cloud storage, OneDrive, was also mimicked for nefarious purposes.

“The social engineering in the fake error messages is clever and purports to be an authoritative notification coming from the operating system,” Proofpoint noted.

“It also provides both the problem and a solution so that a viewer may take prompt action without pausing to consider the risk.”

[Image: Other programs like Microsoft OneDrive are imitated by the malware. Credit: Proofpoint]

However, there is a silver lining in that “this attack chain requires significant user interaction to be successful.”

So, in other words, be smart and never download anything that looks unauthorized or suspicious.

Widely popular browsers and programs like Chrome and Word will never prompt a user to manually input code into another application for basic functions.
