Fake Chrome Update

Question

What is the Fake Chrome Update?

Answer

Please be aware of a threat to end users: a fake Chrome update warning used to trick users into installing malicious software. If you encounter a webpage or pop-up that shows either of the following messages, or a similar one, please do not install the update:

  • “UPDATE EXCEPTION An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update.”

  • “Before you continue, Update your Chrome browser extension; it may be out of date. By clicking Continue below, you will be redirected to the Chrome Store where you can update the Search Verified Chrome browser extension. If you do not already have this browser extension, you will be able to download it, or navigate away to your destination. This extension will offer you a safer web search experience by giving you control to search with a variety of providers.”

 

A .zip file disguised as the Chrome update will be installed. It contains a Monero miner designed to mine cryptocurrency at the expense of your CPU. This malware copies itself to C:\Program Files\Google\Chrome as "updater.exe" and then launches a legitimate executable, into which it injects its code so that it runs straight from memory. Additionally, it stops Windows Update and disrupts communication between security products and their servers by changing the IP addresses listed for those servers in the HOSTS file. This hinders updates and threat detection and may even disable an antivirus (AV) product altogether.
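The HOSTS file change described above can be checked for directly. The following is an added example, not part of the original article: it parses HOSTS content and reports any entry that maps a watched security-product hostname to some address. The watchlist domains and the sample file are constructed placeholders, because the article does not name the affected servers.

```python
import ipaddress

# Hypothetical watchlist: replace with the update/cloud hostnames of the
# security products you actually run. The article does not list any.
WATCHLIST = ("av-vendor.example", "edr-vendor.example")

# Constructed sample HOSTS content (not taken from a real infection).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.av-vendor.example   # constructed entry
127.0.0.1       cloud.edr-vendor.example telemetry.edr-vendor.example
10.20.30.40     intranet.corp.example
not-an-ip       update.av-vendor.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in fields[1:]:               # one address, many names
            yield line_no, addr, name.lower().rstrip(".")

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname, sinkholed) for watched hosts."""
    hits = []
    for line_no, addr, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watchlist):
            # Loopback or 0.0.0.0 means the name is blackholed locally.
            sinkholed = addr.is_loopback or addr.is_unspecified
            hits.append((line_no, str(addr), name, sinkholed))
    return hits

if __name__ == "__main__":
    for line_no, addr, name, sinkholed in suspicious_entries(SAMPLE_HOSTS):
        note = "sinkholed" if sinkholed else "redirected"
        print(f"line {line_no}: {name} -> {addr} ({note})")
```

On Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`. Security products do not normally need HOSTS entries for their own servers, so any hit deserves a closer look.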

If your Chrome browser needs an update, you will be able to see the word “Update” in the upper right corner of your Chrome screen, along with the settings menu. You can choose “Relaunch to update Chrome” from the settings menu, or restart the browser by closing all active windows and then opening a new browser session.

You can manually check for updates by clicking on the 3-dot icon in the upper right corner of the Chrome screen, then going to Help, and About Google Chrome. The browser will automatically check for updates. If there are no pending updates, you will see the following screen with the most recent version number listed:

If you have downloaded the fake Chrome update to your personal device, we suggest the following:

  • Uninstall the malware from your program files
  • Reset your browser to default settings
  • Run antimalware software on your device to remove any malicious files