A new malware campaign is tricking Windows users into installing harmful code by disguising it as fake software updates for popular programs like Google Chrome and Microsoft Word. Cybersecurity experts at Proofpoint have discovered that cybercriminal groups use these fake updates to steal money and sensitive information from victims’ devices. The malware appears as error messages in internet browsers, prompting users to copy and run a PowerShell script.

Discover how new #phishing techniques using Progressive Web Apps (PWAs) are used to steal #passwords and other sensitive data.

Learn how to protect yourself from this threat ⇒ https://t.co/59n37U3Smh pic.twitter.com/6RokVWgE9n

— Kaspersky (@kaspersky) June 25, 2024

This script is the first step in installing the malware, determining if the device is a valid target before downloading additional payloads. These payloads can clear the DNS cache, remove clipboard content, and display fake messages to deceive the user. In the second stage, the malware installs an info stealer to access and redirect the victim’s cryptocurrency.

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware.@BleepinComputer has what you need to know about this attack. https://t.co/3E4FvjAGFm

— Proofpoint (@proofpoint) June 24, 2024

Another method of spreading the malware involves sending emails containing an HTML file that looks like a Microsoft Word document.

Malware disguised as software updates

These emails trick users into installing a fake “Word Online” extension and running malicious PowerShell code.

Proofpoint reports that this deceptive campaign has targeted thousands of organizations worldwide, delivering over 100,000 malicious messages globally since March 2024. To protect yourself from such threats, experts recommend installing strong antivirus software, using a VPN, monitoring your financial accounts, placing a fraud alert on your credit file, and enabling two-factor authentication for important accounts. It’s crucial to verify the authenticity of any software before downloading it and to be cautious when browsing the internet or connecting to public Wi-Fi.

Hackers often exploit vulnerabilities like Wi-Fi driver flaws to spread malware, so staying vigilant is critical to maintaining online security. As these malware campaigns evolve and become more sophisticated, users must stay informed about the latest threats and take proactive steps to protect their devices and personal information.

Following best practices for online security and being cautious when prompted to install software or run scripts can significantly reduce your risk of falling victim to these dangerous malware attacks.