Malware crooks find an in with fake browser updates, in case real ones weren’t bad enough


An uptick in cybercriminals masking malicious downloads as fake browser updates is being spotted by security researchers.

Mimicking the success of the tactics adopted by the years-old SocGholish malware, researchers at Proofpoint have drawn attention to cybercriminals increasingly emulating the fake browser update lure.

Researchers have tracked SocGholish for more than five years. In the past five months, three more major campaigns have emerged. All use similar lures but deliver unique payloads.

The fear is that despite only dropping malware now, the proliferation of these campaigns could be a boon to initial access brokers, offering an effective route to infect end users with ransomware.

SocGholish is the oldest major campaign that uses browser update lures. It is typically attributed to TA569. In August, it was revealed to have facilitated the delivery of malware in more than a quarter (27 percent) of incidents. It was among the top three malware loaders that altogether accounted for 80 percent of malware attacks.

Read more…