Some alarming news broke today that hundreds of U.S. news websites are unwittingly playing a big role in a new malware campaign that’s disguised as a Chrome browser update. This is quite a devious attack method since it’s considered an important security practice to update your browser as soon as possible.
The way hackers are delivering the malware is also clever. It’s coming via an advertising network that also supplies video content to newspaper websites across the nation. It’s difficult to identify and shut down this attack because it is applied intermittently. According to a tweet by the security research team Threat Insight, the JavaScript code is being changed back and forth from the normal harmless ad delivery script to the one that includes the hacker code that shows a false update alert.
Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish.
— Threat Insight (@threatinsight) November 2, 2022
This is a serious problem since many people get their local news from these websites and trust them implicitly. Here’s what you need to know about this dangerous new malware campaign. When visiting a news site and after advertising loads, an alert might appear warning you that it’s time to update your browser.
According to Bleeping Computer, the message is tailored to match your browser, appearing to be an update for Google Chrome, Mozilla Firefox, or Opera. If you proceed with the download, it will be a malware package rather than a security update.
Thankfully, it’s easy to double-check by navigating to browser settings and checking if there are any updates available within the browser controls. Hackers have not been able to insert their malware links into the browser code. Alerts, on the other hand, can be triggered by websites and website advertising, so use extra caution with pop-ups.