StopMalvertising warns of another upswing in this particular tactic, which starts with malicious ads leading to pages that detect which browser the user is running and then show a fake notification telling them they need to update it.
The landing page was initially located on securebrowserupdate.com, but has since been removed. Still, you can bet on the fact that there are more like it out there.
"At securebrowserupdate.com there's an update for every browser. If the script can’t make up which browser you’re running, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download," they share.
These served pages have the look and the feel of the legitimate browsers' sites they are trying to impersonate, so it's understandable how some users might fall for the scheme. According to Trend Micro, French, US and Spanish users are among the most targeted / gullible.
"Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload," Trend Micro researchers shared.
- Sent to your number sms with a secret code. Enter your confirmation code activation.
- An error occurred while processing the request server.
- Software is successfully activated.
While avoiding schemes like this altogether isn't possible, it is actually very easy not to fall for them: simply make sure to download browser updates only from their official sites (type in the correct URL yourself), or set the browser to update itself automatically.
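A proxy-log check built on that advice, as an added example that is not part of the original article: it flags downloads that are named like browser updates but come from hosts outside a vendor allowlist. The allowlist, keyword lists, log format and sample log lines are all assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: example allowlist of vendor domains; adjust to the browsers you deploy.
OFFICIAL_UPDATE_DOMAINS = {"mozilla.org", "mozilla.net", "google.com",
                           "microsoft.com", "opera.com", "apple.com"}
BROWSER_WORDS = ("firefox", "chrome", "opera", "safari", "explorer", "browser")
UPDATE_WORDS = ("update", "upgrade", "servicepack", "service-pack", "service_pack")
EXECUTABLE_EXT = (".exe", ".msi", ".scr", ".js")

def is_official(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_UPDATE_DOMAINS)

def suspicious_update_download(url):
    """Executable named like a browser update, served from a non-vendor host."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # hostname drops any user@ prefix and the port
    path = parts.path.lower()
    text = host.lower() + path
    looks_like_update = (any(w in text for w in BROWSER_WORDS)
                         and any(w in text for w in UPDATE_WORDS))
    return looks_like_update and path.endswith(EXECUTABLE_EXT) and not is_official(host)

def flag_downloads(log_lines):
    """Return (client, url) pairs for suspicious requests.
    Assumed line format: <timestamp> <client-ip> <method> <url>"""
    hits = []
    for line in log_lines:
        fields = line.split(maxsplit=3)
        if len(fields) == 4 and suspicious_update_download(fields[3].strip()):
            hits.append((fields[1], fields[3].strip()))
    return hits

# Constructed sample log lines (not real traffic; file names are invented).
SAMPLE_LOG = """\
2000-01-01T10:00:01 10.0.0.5 GET http://securebrowserupdate.com/firefox_update.exe
2000-01-01T10:00:07 10.0.0.6 GET https://download.mozilla.org/firefox-update.exe
2000-01-01T10:01:12 10.0.0.7 GET http://mozilla.org.updates.example/chrome-servicepack.exe
2000-01-01T10:02:30 10.0.0.8 GET http://news.example/browser-update-story.html
"""

if __name__ == "__main__":
    for client, url in flag_downloads(SAMPLE_LOG.splitlines()):
        print(f"ALERT {client} fetched possible fake browser update: {url}")
```

The third sample line shows why the host comparison is a suffix match on a full domain label rather than a substring search: a lookalike host that merely contains a vendor name is still flagged.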