FakeUpdate, a fake browser update scam, is now targeting users in France, aiming to deploy the WarmCookie backdoor malware.
FakeUpdate Spreads WarmCookie as Chrome, Edge Updates
Researchers at Gen Threat Labs have found a campaign spreading the WarmCookie backdoor. This campaign uses a known tactic called FakeUpdate, which tricks victims into downloading fake web browser updates.
Currently, the attacks are targeting users in France. In addition to popular browsers like Google Chrome, Mozilla Firefox, and Microsoft Edge, the campaign also offers “updates” for applications like Java, VMware Workstation, Proton VPN, and WebEx. Attackers either hack or create websites that display fake update requests. Following these requests leads to the download of a malicious program disguised as a browser update.
The FakeUpdate campaign is not new, as similar ones have existed before. WarmCookie has also previously used deceptive methods for distribution, such as job offers.
This updated version now enables data theft, device profiling, program enumeration, command execution, screenshot capture, and installation of additional malware.
The FakeUpdate site closely resembles a legitimate one, with a convincing URL. Currently, the site edgeupgrade[.]com is still active. Clicking the “Update” button downloads the file “Install_x64.exe,” which is the WarmCookie backdoor. Once launched, the malware checks for a virtual environment. If none is found, it collects the system fingerprint and sends it to the attackers’ command and control server.
The WarmCookie backdoor gives attackers full access to compromised systems, with new features like running DLLs from the temp folder and executing EXE and PowerShell files. This allows for basic data theft and the delivery of payloads like ransomware. All modern browsers on Windows now auto-update, removing the need for manual downloads; users just need to restart the browser.
How to stay protected from malware and online threats:
- Keep Software Updated: Regularly update your operating system, web browsers, and applications to patch vulnerabilities.
- Use Antivirus Software: Install reputable antivirus or anti-malware programs and keep them updated to detect and remove threats.
- Enable Firewalls: Use a firewall to monitor incoming and outgoing network traffic and block suspicious activity.
- Avoid Suspicious Links: Be cautious when clicking on links or downloading files from unknown sources, especially in emails or pop-ups.
- Use Strong Passwords: Create complex passwords and consider using a password manager to keep track of them.
- Enable Two-Factor Authentication (2FA): Use 2FA wherever possible for an added layer of security on your accounts.
- Backup Data: Regularly back up important files to an external drive or cloud storage to prevent data loss in case of an attack.
- Educate Yourself: Stay informed about the latest threats and learn how to recognize phishing attempts and other scams.
- Limit Privileges: Run applications with the least privilege necessary and avoid using administrative accounts for everyday tasks.
- Monitor System Behavior: Keep an eye on system performance for unusual activity, such as unexpected slowdowns or unauthorized changes.
Leave A Comment