A surge in deceptive Chrome update websites has raised concerns, as these fraudulent sites give attackers unauthorized access to users’ devices by delivering remote access trojans (RATs).
Researchers at cybersecurity firm Sucuri identified a growing number of websites infected with the “FakeUpdateRU” malware, which disguises itself as a legitimate Google Chrome update but instead delivers a dangerous RAT. These malicious sites serve as the initial point of entry for targeted ransomware attacks, posing substantial financial threats to individuals, small businesses, and larger corporations. Google has taken action by blocking many domains used for malware distribution and issuing warnings to users attempting to access these deceptive websites.
The malware identified in this surge shares similarities with the SocGholish infection, a threat that impacted tens of thousands of websites and has been linked to the financially motivated cybercrime group Evil Corp, based in Russia. While “FakeUpdateRU” may appear similar to SocGholish at first glance because it also promotes fake Chrome updates, it is actually the work of a different group of threat actors who are seemingly trying to exploit the ransomware threat, according to Sucuri.