Regular software updates are essential for maintaining the functionality and security of both applications and devices. By updating, users can access new features and ensure that existing vulnerabilities are patched. Neglecting these updates may lead to certain applications or websites malfunctioning and failing to operate as intended.

However, exercise caution if you encounter a website that prompts you to update Chrome to continue browsing. This is likely a fraudulent attempt to deceive users. It is crucial to remain vigilant and not fall victim to such tactics.

A recent scam is targeting WordPress platforms, affecting around 10,000 sites as reported by c/side, a security analytics firm specializing in online threats.

The situation involves cybercriminals taking control of websites utilizing outdated WordPress versions and plugins. Research indicates that the attackers might be exploiting a specific vulnerability within a commonly used WordPress plugin. The malware being distributed falls into two prevalent categories: AMOS (Atomic macOS Stealer), aimed at Apple devices, and SocGholish, tailored for Windows users.

Upon accessing compromised websites, users might be presented with a falsified webpage. This page misrepresents itself as a necessary update notification, implying that users must upgrade their browser to access the site since it utilizes “the new chromium engine.” The fraudulent measure incorporates a range of misleading elements, such as multiple update buttons, a checkbox for subscribing to usage statistics, and links to Google’s and Chrome’s Terms of Service. Additionally, it features Chrome branding, various menu selections, and a simulated window interface.

Credit: c/side

These cybercriminals display a high level of sophistication. For an unsuspecting user, this bogus update notification could easily be mistaken for a legitimate Chrome alert. There are, of course, indicators that hint at the deception: grammatical errors abound, with terms like “Chromium” improperly capitalized, and unusual punctuation usage, such as a misplaced comma in the warning message.

In the event that such a message appears while trying to access a site, it may be challenging to differentiate it from an authentic notification at first glance. However, engaging with the update options can open the door to malicious software. The aim of these hackers is to trick users into downloading harmful files, which are engineered to steal sensitive data like passwords, irrespective of whether the user operates a Mac or Windows machine. For instance, AMOS malware targets Macs specifically, extracting usernames, passwords, cookies, and even cryptocurrency credentials.

The implications of such attacks are severe. Should a user unknowingly download this harmful “update,” the malware can begin its work of harvesting critical login information. The results could include unauthorized access to private accounts, particularly those related to finances.

While c/side has not released a comprehensive list of the impacted sites, they have indicated that several highly frequented platforms are among those targeted.

For individuals managing WordPress websites, c/side advises performing immediate updates to both the WordPress core and all plugins. Unused plugins should be removed. Website owners should also search for any flagged scripts identified by the researchers and monitor for any signs of malicious activity.

For users who suspect they may have downloaded harmful files from these compromised sites, it’s imperative to cleanse their systems as quickly as possible. Users can either manually identify and remove the infected files or utilize malware detection software such as Malwarebytes or Bitdefender. Additionally, c/side also provides similar protective services that may be worth considering.