ALERT |
A crucial warning about a dangerous new browser update aimed at Microsoft Windows users has emerged. This attack uses social engineering tactics to lure users into making regrettable clicks.
The alert was issued by Palo Alto Networks' Unit 42, as reported by Cyber Security News, which emphasized the research. Attackers have embedded "malicious JavaScript" into legitimate websites, prompting users with notifications that their browser modules in Chrome, Edge, or Firefox are outdated and need to be updated.
According to Cyber Security News, "these lures leverage realistic branding and urgency warnings, such as 'Critical Security Update Required.'" When you download and execute the script, the malware retrieves the NetSupport RAT code necessary to compromise your PC. This code includes an executable for remote device control, a library for data extraction, and Windows "Registry modification scripts for persistence," making it difficult to terminate the process once it is active on your system.
Researchers caution that "NetSupport RAT delivered a secondary payload: StealC, a credential-stealing malware." This malware does what its name suggests: it seeks key login information and bypasses security measures.
The researchers emphasize that "the SmartApeSG campaign highlights the ongoing threat of social engineering combined with fileless attack techniques. Threat actors maintain extended network access while avoiding traditional defenses by exploiting trusted software update mechanisms and Windows internals."
MITIGATION STRATEGIES
-
Block domains linked to SmartApeSG infrastructure (e.g., poormet[.]com, cinaweine[.]shop) using threat intelligence feeds.
-
Deploy signatures to detect malicious JavaScript patterns (e.g., long Base64 strings, asynchronous HTTP requests).
-
Monitor for unusual process relationships, such as mfpmp.exe initiating network connections or writing to %APPDATA%.
-
Restrict PowerShell execution policies and log script activity to identify encoded command sequences.
-
Educate employees to recognize fake update lures, stressing that browsers auto-update and never require manual downloads.
The dangers of fake browser installations and updates are escalating.
It is now more crucial than ever for users to install or update browsers and browser modules only through traditional methods.
You can use your browser to check for updates and avoid clicking on popups or website links, no matter how legitimate they appear.
Ready to strengthen your organization's security posture?
For more cybersecurity insights, follow Cyderes on LinkedIn and X.
