Hackers spread virus in fake Google Chrome update

Several legitimate websites have been compromised and trick users into installing a virus. Hackers added auto-executing Java scripts that allegedly reported a bug in Google Chrome’s auto-update.

However, the file that will be the manual installation of the new browser version is actually Monero, a cryptocurrency miner. According to digital security researcher Rintaro Koike, the virus went live in February and managed to bypass Windows security measures.

avoid antivirus

By overlaying legitimate pages, attack regiment security extensions blocking access to potentially dangerous websites. Once the miner is run, it removes itself from Windows Defender’s list of malicious apps, disables Windows Updates, and rewrites system files to compromise other antivirus software.

The attack initially focused on pages in Japanese, Korean, and Spanish. However, by all indications, the malicious code is compatible with over 100 languages, suggesting that the scam has enormous potential to spread.

How do you protect yourself?

Although the schema comes from a java script, the installation of the virus itself is an active part of the user. Therefore, the first precaution to protect yourself is to ignore the instruction when you come across a page offering a manual Chrome update.

Most browsers perform their updates automatically as the user browses. If the software is indeed out of date due to a bug, It is recommended that you try the update from the Settings tab. or go to the official product page and download the latest version.

In the case of contamination, it is possible to try to reverse the situation using powerful cleaning tools such as those offered by Kaspersky, Malwarebytes or Trend Micro.