FireEye Latest Research: How To Avoid Imposter Browser Updates

FireEye’s latest research on how malicious actors leverage FakeUpdates to get malware onto victim’s machines underscores the real-world importance and value of vulnerabilities such as cross-site scripting (XSS), HTML injection, or open redirects that are often commonly perceived in the market as being “low value”. What this research shows, is that those attacks, often mixed with social engineering at some level, are often the entry point for these manipulative attacks that take advantage of the victim’s trust in a given domain — tricking the victim into thinking that they’re visiting a site they trust, but in reality, due to a vulnerability on the compromised domain, the attacker is able to fully manipulate the content of the webpage, or redirect the victim to a malicious site that then prompts them to download the malicious content. Trusting the domain (say, for instance, example.com), the user assumes the content downloaded or linked to from that domain to be safe – where, it is, in this case, malware.

Just like phishing emails, users should know not to click on or download things unless they understand the source. Even if you’re sent a link to a website you trust if there’s anything prompting you to download an update for an application from a website, don’t do it. Even a trusted (but vulnerable) website can also be manipulated by attackers to deliver malware. Instead, go directly to the source —using your browser update functionality, as opposed to clicking a link on a site, or leave the questionable page and try to corroborate what that page is saying (is your Chrome, or other software, really out of date? What’s the most current version?) It may feel somewhat paranoid, but a healthy level of suspicion can prevent a lot of headaches.