Software updates are important and inevitable. To expand functions and develop existing security problems, you must update your apps and machines. If you avoid being updated, you may no longer find certain programs, functions or even websites as you should.
However, if you visit a website and see a request to update Chrome to continue, run away. In all likelihood, they have just bumped into fraud. Don’t fall in it.
WordPress sites are hacked
The fraud in question aims at WordPress website – actually 10,000 of them. This is according to the c/sideA website security company whose research revealed the current attacks.
Here is what’s going on: hackers are kidnapped websites on which outdated versions of WordPress and plugins are carried out. (C/Side -Hypothethesis -attacker use a susceptibility to security in a certain WordPress plugin to carry out your schemes.) Attackers use two types of “popular” malware variants: Amos (Atomic MacOS Stealer), the Apple devices and Socgholish, Which, which is designed for Windows devices.
If you visit one of these affected websites, hackers overwrite the actual content of the website with a new, fake page. This manipulated content claims a warning that you have to update your browser to visit this website because the page uses “The new chrome engine”. The hackers sprinkle a few different elements on this page to sell the fraud, including two different update options, a check box for logging in or automatic usage statistics and crash reports as well as links to Google, Chrome and Chromeos’ terms of use. You also see a chrome logo, various menu options and a rendering of a chrome window.
Credit: c/side
These hackers are smarter than most others. This alarm side could look pretty real for an unobtrusive eye. Of course there are some red flags: the hackers do not have the grammar best and have not activated “Chromium” or the first word in “Chrome”. Nor would you expect Google to use a comma between “the website to use the new chrome engine to continue. It must be updated.”
However, if you try to access a site and see this message, a quick glance may not be enough to distinguish this from a typical Google Chrome Update alarm. However, if you click on one of the update options, the trouble begins. The aim of the hackers is to get you down to download a malicious file to your computer. Whether you have a Mac or a PC, This malware should steal your password and other important information. For example, Amos Malware steals data from Macs such as user names, passwords, cookies and crypto letters.
Obviously, this type of hacking is dangerous. Imagine that you accidentally download this “update” to your computer and the malware can scrape off your user names and passwords. It can then report to the hackers who take this information and break into their accounts – especially in their financial accounts.
C/Side has not announced a complete list of the websites concerned, but says that some of the most popular websites of the Internet are affected.
Where should go from here
If you run a WordPress site, C/Side recommends updating your WordPress installation and plugins and no longer removing. You should also search for one of the scripts Researchers identified And look for signs of malicious activities.
For the rest of us, you should inform your computer as soon as possible if you think you have downloaded malicious files from these websites. You can try to identify and remove the compromised files. However, you may want to try out a program with which your computer can scan like you, such as: Malwarebytes or bitdefender. ((C/side also offers a similar serviceWhat it promotes in its findings.)
