Google Chrome users are being asked to be vigilant for a fake update that, if clicked on, will instead install malware onto their computer.
Users visiting compromised websites are shown a message pretending to be from Chrome, offering them an update to their Chrome installation to fix a security issue. If users click on the update, Malware is then distributed on their device.
The vulnerability begins when a user visits a website which has already been infected with malware.
The message can appear as follows:
An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update.
If users click on the link, a ZIP file is then downloaded containing the malware Monero Miner, which can use the device’s processing power to mine for cryptocurrency. The device will become increasingly slow and unresponsive as its processing power is used. Personal information can be obtained and security settings changed, to allow for further attacks.
What is Malware
Malware is malicious software which is designed to cause harm or exploitation of a device or service.
Cybercriminals can use malware to extract personal data which they can use for personal gain. This can be financial information and personal information such as passwords.
What you can do
- Do not click on a link you are unsure of. Google Chrome should update automatically but if you do need to run an update, follow these steps:
In Chrome, click the 3 dots on the right hand side of your URL bar. Select Help, then About Google Chrome. You can now see which version of Chrome you are running. If an update is needed, it should start running automatically.
- Make sure your operating system and software is kept up to date.
- Install antivirus software.
- Help to prevent the spread of malware by protecting your website. At Zonkey we provide WordPress website maintenance from just £39 per month. Find out more here – WordPress Maintenance.