Leveraging vulnerable website content management platforms, these attacks seek to trick users into installing malware under the guise that their web browser is out-of-date.
We all know that eventually your web browser will need to be updated. So, it’s not so out-of-the-ordinary for users to be notified that a newer version is available. Generally, this kind of notification utilizes the operating system’s normal update mechanisms. But, less savvy users may not be educated on how updates work, making this attack possible.
In essence, the user navigates to a site running on an older version of a content management system (CMS) such as WordPress, Drupal, etc. The “older” is an important caveat here, as these sites are more vulnerable to being compromised and leveraged by attackers.
The sophistication in this campaign is amazing! The initial malicious webpage performs a ton of browser validation and then transparently navigates the victim’s browser to a malicious page that, in turn, redirects them to a browser update that looks like the one below:
Looks pretty legitimate to the untrained eye.
In addition, evasive techniques have also been seen to avoid detection by virtual sandbox technologies designed to spot these kinds of malicious webpages.
Users should be taught to ignore update notifications coming through their web browser, as this is only one of many attacks attempting to accomplish the same task. Users undergoing continual Security Awareness Training should already be aware of this tactic, and are savvy enough to both spot the potentially-malicious content and to avoid interacting with it.