Google Chrome has had a rough go of things this year. Just back in May, the Google-built browser suffered from at least four zero-day exploits, all of which Google was able to fix in a pretty timely manner, forcing Chrome users to update pretty often. However, a new exploit appears to be making the rounds, and it’s a pretty tricky one.
According to a new report from ProofPoint, the newest attempt to get Chrome users to install malware on their computers comes in the form of fake errors. The fake errors can also appear as Word and OneDrive errors, the security company reports.
The campaign is being used by multiple threat actors, including the group behind a new attack called ClickFix, as well as those behind existing attacks like ClearFake. Well-known threat actor TA571 is also believed to be involved. Much like previous ClearFake attacks—which used website overlays to push visitors to install fake browser updates riddled with malware—the new threat causes a popup to appear on the screen, prompting users to resolve an issue with their browser.
The instructions included in the fake Chrome error suggest that users click a “copy” button, and then paste a “fix” into their Windows Powershell application—while running it as an Admin. This is exceptionally bad news, as it gives the instructions within the copied command complete access to your computer.
ProofPoint says the command checks if the computer is a viable target, and then essentially opens the floodgates to install various malware on it. One of the primary downloads included in the package is an info-stealer, which can gather your personal info for threat actors, allowing them to use it however they want.
ProofPoint also said the malware is being spread through an email-based infection chain, which uses an HTML attachment claiming to be a Word Online extension. When trying to open it, an error message will display, asking you to complete the same steps as the Chrome error. The fundamentals of the command are a bit different, ProofPoint notes, but the overall goal is the same: to install malware on your computer so that bad actors can harvest your data.
Legitimate Chrome or Microsoft Word messages will never ask you to paste anything into Windows Powershell. If you're worried you might already be infected, run an antivirus or malware scan as soon as possible.
I’m hardly a noob when it comes to smoking meat on the grill, but I’ve never owned a real smoker, and certainly not one that could have a conversation
Google is making it easier to follow the rules of the road—or at least know when you should pay extra attention to them. New traffic-tracking features
As someone who loves trying and writing about new Mac apps, it's pretty common to see a cluttered dock on my laptop. I don't manually quit apps that o
AI is changing our lives. Are you ready? Microsoft's AI chatbot, Copilot, has been steadily growing and adding new features since its introduction las
For decades, whenever you've needed to know something, you've googled it. What time's the Super Bowl? How do you fix a leaky faucet? What's the differ
In this digital age, gift-giving has become a breeze, with online retailers offering a wide range of options. However, there are instances when our fa
We are a dynamic information platform dedicated to delivering timely, relevant, and reliable content across a broad spectrum of topics. From the latest in technology and business to lifestyle, health, and global affairs, we aim to keep our readers informed and inspired.
Our editorial team is committed to maintaining high standards of accuracy and clarity, ensuring that every article provides value and context in an ever-changing world. We believe in the importance of accessible knowledge and strive to make complex topics understandable for everyone.
Whether you're here to stay updated on current events, explore thought-provoking features, or simply learn something new, our goal is to offer a trustworthy source of information that meets the needs of a diverse and curious audience.