When you visit one of these infected sites, you’ll get a fake update notification (hence the name) that kicks off the infection. You might wonder how this attack could pop up on thousands of websites for months without detection until recently. This is a clever attack that uses a light touch with a site’s visitors. For one, it only serves the fake update notification once per IP address. The update notification (which is a redirected URL) is themed to match your browser. So Firefox users get a page about running an old version of Firefox, and it’s the same for Chrome users. There’s a version for Flash updates, too. The styling of these pages looks spot-on.
The end result of an infection with the FakeUpdates campaign is that your system runs the Chtonic banking malware, which is a variant of ZeusVM. That gives the attacker full control of a system including file transfer and remote access.
Now that the cat’s out of the bag, site operators and CMS systems can begin purging FakeUpdates from websites. It won’t go away overnight, and it might just mutate to avoid detection and come back later. Your best bet is never to trust popups that tell you to download something, even if they look legit. Only download on your own terms.
Flaw in Grammarly Browser Extension Exposed User Documents
Grammarly promises to catch your typos and grammatical errors, but for a while, it was also exposing your personal documents to potential snooping by any website you visited.
Popular Mac Adware Blocker Found Sending All Browser History to China
The most popular anti-malware app and one of the most profitable apps on the App Store has been exfiltrating user data. Apple did nothing about the problem for a month.
Report: Microsoft Will Scrap Edge for Chromium-Based Browser
Microsoft's revamped Edge browser remains but a tiny sliver of the browser market. The situation is so dire that Redmond is reportedly throwing in the towel on Edge as it currently exists.
Confirmed: Microsoft Will Move to Chromium-Based Edge Browser
Microsoft has wasted no time confirming the recent rumors: the Edge browser is dead. All hail the new Edge based on Google's open-source Chromium code