All About Fake Update Campaigns

Cyber criminals are advancing as fast as the technology they abuse, constantly developing new tactics to steal users' data. Security researchers recently revealed a malware campaign in which attackers use legitimate but compromised websites to convince visitors to download fake software updates that install malicious code on their machines. The technique is commonly used on high-traffic websites to distribute ad-fraud malware.

In this post we discuss what a fake update campaign is and how it works.

What is a Fake Update Campaign?

It is a new type of spam campaign: the victim is shown what looks like a software update, but the file that is downloaded is not an executable installer; it is a JavaScript file. To see it in action, look at the animation below:

[Animation: the campaign as seen in Google Chrome and Firefox]


How Does It Work?

The campaign targets outdated websites, because they are vulnerable and malicious code can easily be injected into their Content Management Systems. Once the code is injected, visitors receive a prompt saying that a certain program is out of date; when a visitor tries to update it, a malicious file is downloaded onto the machine.

To make the attack look genuine, attackers host the file on legitimate file hosting services such as GitHub and Dropbox.

The JavaScript file downloaded onto the victim's machine collects information about that machine and sends it to the attackers' server; it then executes a second JavaScript stage that delivers the final payload.

Once executed, the JavaScript contacts the command and control server and sends it information such as the computer name, operating system, domain, model, manufacturer, BIOS version and other details.

This malicious code can come from any fake downloader.

How to Identify the Fake Downloader?

No special technique is needed to detect the fake downloader; anyone who keeps an eye on what is going on can spot it easily.

1. If you receive a prompt asking you to update your web browser, a plugin or Adobe Flash Player, never trust it blindly.

2. Check the URL in the address bar.

3. Update the browser, Flash Player or plugin manually through its Help menu rather than through the prompt.

4. Always check what type of file has been downloaded; if it is not an executable installer but a script (such as a .js file), pause the download and delete the file.

5. Run an up-to-date anti-virus product that is capable of detecting malicious add-ons.
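As an added illustration of checks 2 and 4 above (this is example code written for this post, not from the campaign or any vendor), here is a small Python detector that runs over web-proxy download records and flags the pattern described: a script file named like a browser or plugin update, served from a file hosting service such as GitHub or Dropbox, or from a host other than the page the user was on. The log format, hostnames, keyword list and extra script extensions are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log (not from the original post):
# timestamp, referring page, downloaded URL, content type.
SAMPLE_LOG = """\
2018-04-12T10:01:07Z https://legit-blog.example/post/42 https://raw.githubusercontent.com/ph/upd/master/chrome_update.js application/javascript
2018-04-12T10:02:15Z https://www.mozilla.org/firefox/new/ https://download.mozilla.org/?product=firefox-latest&os=win64 application/octet-stream
2018-04-12T10:03:40Z https://legit-blog.example/post/42 https://legit-blog.example/assets/app.js application/javascript
2018-04-12T10:05:02Z https://another-site.example/news https://dl.dropboxusercontent.com/s/abc123/Firefox_Update.js application/javascript
"""

# Script types delivered in place of an installer (.js is from the post; .jse/.wsf are an assumption).
SCRIPT_EXT = {".js", ".jse", ".wsf"}
# Words a fake "update" lure typically puts in the filename (assumed list).
UPDATE_WORDS = re.compile(r"update|chrome|firefox|flash", re.I)
# File hosting services the post names as abused (assumed hostnames, matched by suffix).
FILE_HOSTS = ("github.com", "githubusercontent.com", "dropbox.com", "dropboxusercontent.com")


def parse_line(line):
    """Split one whitespace-separated log record into a dict."""
    ts, referrer, url, ctype = line.split()
    return {"ts": ts, "referrer": referrer, "url": url, "ctype": ctype}


def is_fake_update_download(rec):
    """True when a download looks like a script posing as a browser/plugin update."""
    url = urlparse(rec["url"])
    name = url.path.rsplit("/", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in SCRIPT_EXT or not UPDATE_WORDS.search(name):
        return False
    # A genuine update comes from the vendor, not from a file host and not via a redirect away from the referring site.
    ref_host = urlparse(rec["referrer"]).hostname or ""
    host = url.hostname or ""
    on_file_host = any(host == h or host.endswith("." + h) for h in FILE_HOSTS)
    return on_file_host or host != ref_host


def find_fake_updates(log_text):
    """Return the log records that match the fake-update download pattern."""
    records = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [r for r in records if is_fake_update_download(r)]


if __name__ == "__main__":
    for hit in find_fake_updates(SAMPLE_LOG):
        print(f"{hit['ts']} suspicious update download: {hit['url']} (referrer {hit['referrer']})")
```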


Conclusion

Hackers will not miss a chance to exploit any vulnerability, and they will try every possible way to steal your data. Although this fake update campaign relies on social engineering and abuses legitimate file hosting services, it clearly shows that the more technology progresses, the more the hackers advance too.

Because the downloaded file is a script rather than a malicious executable, the attackers gain extra flexibility to develop more dangerous threats: since the malicious script runs on the victim's machine, they can exploit that machine for their own gain.

This is not the first time hackers have used such techniques to spread malware. Therefore, if you want to stay safe, check the URL in the address bar; if you are redirected to a site other than the one you are downloading the update from, stop the download then and there.

Moreover, compromised websites do not only redirect users to download fake updates; they also indirectly make the user an unwilling participant in the malware campaign. It is therefore important to keep Content Management Systems up to date and to practise good security hygiene when it comes to authentication.