Threat Alert: What to Watch For

• Cybercriminals have compromised an undisclosed media company that provides video content and advertising to hundreds of news outlets across the United States.
• Authentic-looking browser update alerts appear on the impacted news websites. The pop-up windows prompt visitors to download and install web browser updates. These updates come in the form of ZIP files.
• Fake alerts include branding and language matching the visitor’s browser. Prompts have been seen for Chrome, Firefox, Opera, and other browsers.

Tips to Remember (at Work and at Home)

• Do not download or update software strictly based on a web-based pop-up notification or email alert. Fake notifications are persistently used by malware distributors to pressure targets into a download. System alerts should originate from native tools, not from browser pop-ups or emails.
• Independently log in to accounts/services to verify any alerts on associated accounts. Check for software updates directly at the source or by following organization-specified processes for confirming the availability of internal updates and where to find them.
• Don’t confuse familiarity and safety. It’s easy for attackers to abuse well-known logos and brands. Pop-ups can be designed to mimic any desired service or alert, and they can even be targeted to match the browser you’re using and your local language.