Chrome Update - Malware
Once the website loaded, it displayed a popup telling me that I needed to update my version of Chrome.
It claimed that I needed to update to 62.0.3202.75, and after a quick check I saw that my version was 94.0.4606.61 (Official Build). No shocker, as I already knew that Chrome would not display such a banner, but I wanted to play with it some. I copied and pasted the URL into my sandbox and it was time to play.
First I wanted to look at the website code to see what was going on. Added to the header of the HTML code was:
The code is supposed to detect the visitor's browser and version (by sniffing the User-Agent string) and serve the matching malware-embedded browser installer.
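As an added illustration (my own example, not the script from the malicious page), here is the kind of User-Agent sniffing such a page relies on, paired with the sanity check I did by hand: a legitimate "update required" prompt can never ask for a version older than the one the browser already reports. The `SAMPLE_UA` string is constructed to match my build; the function and variable names are mine.

```javascript
// Added example: User-Agent sniffing of the kind a fake-update page uses to
// pick a payload, plus a plausibility check on the "required version" claim.
// Not the page's own code; names and the sample UA are constructed for this post.

function parseBrowser(ua) {
  // Order matters: Edge and Opera UAs also contain "Chrome/", so test them first.
  const patterns = [
    ["Edge", /Edg(?:e|A|iOS)?\/(\d+(?:\.\d+)*)/],
    ["Opera", /OPR\/(\d+(?:\.\d+)*)/],
    ["Chrome", /Chrome\/(\d+(?:\.\d+)*)/],
    ["Firefox", /Firefox\/(\d+(?:\.\d+)*)/],
    ["Safari", /Version\/(\d+(?:\.\d+)*).*Safari\//],
  ];
  for (const [name, re] of patterns) {
    const m = ua.match(re);
    if (m) return { name, version: m[1] };
  }
  return { name: "unknown", version: null };
}

// Numeric, component-wise comparison of dotted versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the popup's claim cannot be genuine: it names a browser you are
// not running, or the version it says you "need" is not newer than the one
// your browser already reports.
function updateClaimIsBogus(ua, claimedBrowser, requiredVersion) {
  const b = parseBrowser(ua);
  if (b.name !== claimedBrowser || b.version === null) return true;
  return compareVersions(b.version, requiredVersion) >= 0;
}

// Constructed sample UA matching the build I was running (94.0.4606.61).
const SAMPLE_UA =
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36";

// The popup's claim from this page: "update to 62.0.3202.75".
const CLAIMED_REQUIRED = "62.0.3202.75";

if (typeof require !== "undefined" && require.main === module) {
  console.log(parseBrowser(SAMPLE_UA));
  console.log("bogus update prompt:", updateClaimIsBogus(SAMPLE_UA, "Chrome", CLAIMED_REQUIRED));
}
```

Running it with the sample UA identifies Chrome 94.0.4606.61 and flags the 62.0.3202.75 "requirement" as bogus. The same parser, stripped of the check, is all a fake-update kit needs to decide which trojaned installer to hand out.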
When you click the “Update” button it downloads a copy of Chrome that contains several Trojans. The domain behind the Update button (which, again, I redacted from my post and all associated uploads) uses proxied registration, so that isn’t much help. It is registered and hosted with Namecheap. The odd thing is that Windows Defender picked it up, but when I uploaded it to VirusTotal.com the detection results were rather dismal.
Defender picked up nothing until I started to install it; it then found Trojan:Win.Raccoon.BM!MTB upon launch, and Trojan:Win32/Wacatac.B!ml part way through the installation. My anti-virus picked it up as UDS:Trojan-Spy.Win32.Stealer.
Another thing I noticed is that they are screwing with the RSS feed and have added the following to it: