Hackers are using malicious ads promising browser updates to drop malware on users’ machines. Using a mix of social engineering and a variation on scareware, attackers have been taking advantage of recent legitimate Firefox and Chrome updates to infect hundreds of machines in Europe and the United States.
Experts at StopMalvertising caution users to download browser updates from only legitimate sources, such as the vendor sites.
Victims landing on a website hosting a malicious ad are presented with a popup informing them their browser is out of date. They’re also given a link to a supposed update; instead they’re redirected to the securebrowserupdate domain, StopMalvertising said. The ad determines what browser the victim is using and offers the corresponding update. Several options are presented, including one with antivirus protection. None of the version numbers match current browser versions.