Updating your browser (Chrome, Edge, Firefox) when prompted is a good practice, just make sure the notification comes from the software maker.
According to a new report released Wednesday by Proofpoint, threat actors are hiding malware inside of fake browser updates, seeding legitimate but vulnerable websites with convincing browser update notifications and carrying dangerous payloads.
What's a 'dangerous payload' and why should I care?
A payload is malicious software that can sit dormant on a computer or network for seconds or even months before being triggered to deploy ransomware, copy passwords, files and even use your computer to spread malware throughout your network. If you or someone you know get's tricked into clicking on one of these fake browser updates, it could mean really bad news.
What do these fake updates look like?
The look like what you might expect, pretty legitimate. Here's a screenshot of one:
The Takeaway
We're taught to avoid links and attachments in unrecognized emails or text messages, but what about a notification coming from a browser window?
The key here is to look at the url (because it probably belongs to a hacked website) and know that your browser updates itself. When in doubt, check it out!
In Chrome tap the 3 dots in the top-right > help > about Google Chrome
In Firefox click the 3 horizontal lines in the top-right > help > about Firefox
In Microsoft Edge to to Settings and more > Help and feedback > About Microsoft Edge
Updating your browser is a good security practice and I suggest you keep doing it, just not from a fake update website.
If you know someone who would find these updates useful, please consider forwarding this email - it might just save them from disaster.
Stay safe out there.
-Attila
New Friday Funnies
Why did the internet browser get fat?
It accepted all those cookies!