Threat Alert: FAKE BROWSER UPDATE ATTACK

• Malicious actors compromise hundreds or thousands of legitimate websites with JavaScript injects. These compromised websites are widely accessible: via direct URL entry, web searches, social media, and legitimate emails.
• Visitors to these sites may encounter pop-up notifications that appear to be prompts for browser updates but are actually designed to execute malicious code.
• While variations on lure types exist, fake browser updates are the most historically common web-based threat.

How is it used in the wild?

• Legitimate websites are compromised and injected with malicious JavaScript code.
• Upon passing filtering checks, visitors to these sites encounter a convincing fake browser update notification customized to their browser, stating, “You are using an older version of [Browser].”
• Update [Browser] buttons in the fake update prompt are set to execute malicious code instead of a legitimate update.
  

Key Action: Stay Alert!

• Do not download or update software based on a web-based pop-up notification or email alert. Fake updates are persistently used by malware distributors to pressure targets into downloading. System alerts should originate from native tools and through official organizational channels, not from browser pop-ups or emails.
• Keep in mind that cybercriminals regularly abuse legitimate services. Abusing legitimate services gives cybercriminals and their lures an additional air of legitimacy. If you see an unexpected email linking you to an unknown landing page, it should be regarded as potentially malicious. Similarly, even on trusted websites, unexpected pop-ups should be treated as suspicious.
• Report ANY suspicious emails via Phish Alarm.