
Malicious payloads spread via fraudulent browser updates


Threat actors have been leveraging phony web browser updates to facilitate the distribution of remote access trojans and information-stealing malware, according to The Hacker News.

Both the BitRAT trojan and Lumma Stealer malware have been deployed in attacks where JavaScript on a malicious website redirects visitors to a fraudulent browser update page, which leads to the download of a ZIP archive containing the payloads, a report from eSentire revealed. The same ZIP archive has also been used to establish persistence and deliver the final-stage malware.

Meanwhile, a separate study from ReliaQuest revealed an updated ClearFake campaign in which a fake browser update executes malicious PowerShell code, resulting in the installation of LummaC2 malware. Another ReliaQuest report noted LummaC2 as one of the leading infostealers last year.
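Both chains above (a fake update page delivering a ZIP, and a fake update that launches PowerShell) leave the same kind of endpoint trace: a script interpreter started from a browser lineage, with hidden or encoded switches, or run straight out of an extracted archive. The detector below is an added example written for this article, not code from eSentire or ReliaQuest; the event fields are an assumed minimal schema and the telemetry is constructed.

```python
from dataclasses import dataclass

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SUSPICIOUS_PS_FLAGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden", "bypass")


@dataclass
class ProcEvent:
    """Minimal process-creation record; field names are an assumption, not a vendor schema."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def flag_fake_update_chains(events, max_depth=4):
    """Return (pid, reason) findings for interpreter launches consistent with a fake-update lure."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = _basename(e.image)
        if name not in INTERPRETERS:
            continue
        # 1) Interpreter whose ancestry (within max_depth hops) leads back to a browser.
        cur, depth = by_pid.get(e.ppid), 0
        while cur is not None and depth < max_depth:
            if _basename(cur.image) in BROWSERS:
                findings.append((e.pid, f"{name} descended from {_basename(cur.image)}"))
                break
            cur, depth = by_pid.get(cur.ppid), depth + 1
        cmd = e.cmdline.lower()
        # 2) PowerShell started with hidden/encoded/policy-bypass switches.
        if name in {"powershell.exe", "pwsh.exe"} and any(f in cmd for f in SUSPICIOUS_PS_FLAGS):
            findings.append((e.pid, "powershell with hidden/encoded/bypass switches"))
        # 3) Script run from Explorer's compressed-folder staging dir (%TEMP%\Temp1_<name>.zip\).
        if "\\temp1_" in cmd and ".zip\\" in cmd:
            findings.append((e.pid, "script executed from a ZIP staging directory"))
    return findings


def sample_events():
    """Constructed telemetry (not real logs): one browser-to-PowerShell chain, one ZIP-staged script, one benign launch."""
    return [
        ProcEvent(100, 1, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe"),
        ProcEvent(200, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  "powershell.exe -nop -w hidden -enc <base64-blob>"),
        ProcEvent(300, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
        ProcEvent(400, 300, r"C:\Windows\System32\wscript.exe",
                  r'wscript.exe "C:\Users\u\AppData\Local\Temp\Temp1_browser_update.zip\update.js"'),
        ProcEvent(500, 1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  "powershell.exe -Command Get-Process"),
    ]
```

Run against `sample_events()`, the benign `Get-Process` launch produces nothing while the lure chain and the ZIP-staged script are each flagged.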

"LummaC2's rising popularity among adversaries is likely due to its high success rate, which refers to its effectiveness in successfully infiltrating systems and exfiltrating sensitive data without detection," said ReliaQuest.
