StopMalvertising warns of another upswing of this particular tactic, which starts with malicious ads leading to pages that detect which browser the visitor is using and serve a fake notification telling them they need to update it.
The landing page was initially located on securebrowserupdate.com, but has since been removed. Still, you can bet on the fact that there are more like it out there.
"At securebrowserupdate.com there's an update for every browser. If the script can’t make up which browser you’re running, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download," they share.
These served pages have the look and the feel of the legitimate browsers' sites they are trying to impersonate, so it's understandable how some users might fall for the scheme. According to Trend Micro, French, US and Spanish users are among the most targeted / gullible.
"Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload," Trend Micro researchers shared.
- Sent to your number sms with a secret code. Enter your confirmation code activation.
- An error occurred while processing the request server.
- Software is successfully activated.
While avoiding schemes like this altogether isn't possible, it is actually very easy not to fall for them: simply make sure to download browser updates only from their official sites (type in the correct URL yourself), or set the browser to update itself automatically.