Malware crooks find an in with fake browser updates, in case real ones weren't bad enough An uptick in cybercriminals masking malicious downloads as fake browser updates is being spotted by security researchers. Mimicking the success of the tactics adopted by the years-old SocGholish malware, researchers at Proofpoint have drawn attention to cybercriminals increasingly emulating the fake browser update lure. …
“The new campaign, which we call FakeSG, also relies on hacked WordPress websites to display a custom landing page mimicking the victim's browser.”
“FakeSG campaigns use hijacked (WordPress) websites to trick visitors into downloading/installing malware (NetSupport Manager). The sites include code that modifies the page to appear as the victim's browser urging an update.”
Seems like big bounties on the people behind malware could be cheap at half the price. Also, no reason for a hosted WordPress etc. installations not to take some simple actions, like locking/unlocking code for update.
Introduce an international best practices code for published software, websites, cybersecurity, backups etc, with a scale of warnings and increasing fines tailored to popularity and revenue. Increase security support for software to 10 years. The fines can go to pay for the oversight. Make it illegal to pay ransoms. Community service penalties for C-suits.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
