Threat Alert: Trusted Websites Delivering Fake Browser Updates

• Multiple cybercriminal groups are carrying out cyberattacks leading to the installation of malicious software (malware) on a user’s device. 
• Cybercriminals compromise legitimate, trusted websites. These websites then display to visitor’s malicious browser-update pop-up windows. 
• These fake browser updates may look highly legitimate and match the user’s browser. 

Key Actions (at Work and at Home)
 

• Don’t confuse familiarity and safety. It’s easy for attackers to abuse well-known logos and brands. Pop-ups can be designed to mimic any desired service or alert, and they can even be targeted to match the browser you’re using and your local language. 
• Do not download or update software strictly based on a web-based pop-up notification or email alert. Fake notifications are persistently used by malware distributors to pressure targets into a download. System alerts should originate from native tools, not from browser pop-ups or emails. 
• Follow approved software installation processes. If you need to download or update a specific software utility or application, follow organization-specified processes or reach out to a member of the technology or security team for help.