
Don't fall for this Google Chrome email update scam


The Google Chrome web browser sees regular updates every few weeks for both its desktop versions and its Android mobile app. 

So it's no shocker that you might be prompted to update your software to the latest version while browsing online. But it's important you know how to recognize a scam or a threat when you see it, particularly when it arrives via your workplace email account. 

In a blog post last week, researchers at security firm Proofpoint gave further news on an especially shady malware campaign that has been targeting educational institutions, governments and manufacturing companies for nearly a year. 

The latest wave of attacks involved 18,000 malicious emails sent in June and July to recipients in Canada, France, Germany, Italy, the U.K. and the U.S.

The emails prompt the recipient to visit a website of interest to persons in that chosen field. The site is legitimate, but it has been corrupted by an injection of the malicious JavaScript-based framework known as SocGholish, or TA569.

The "Soc" stands for "social engineering," as the entire threat revolves around tricking victims into entering private information.

The SocGholish script first gleans information about your browser, operating system, and location. Then it decides whether to try to infect you with malware.

If so, then you are whisked to a second website, and this one really is fake — it's a fake browser update page that urges you to click a button to download the "update". Proofpoint's examples include fake Google Chrome and Microsoft Internet Explorer updates, but this campaign also lures Mozilla Firefox users.

And of course, if you do click that button, then you're really downloading a script that further profiles your system and downloads more files, including the Chthonic banking Trojan and the legitimate but often-abused remote-access application NetSupport.

Like other banking Trojans, Chthonic tries to gain access to your online bank account in order to steal money. Meanwhile, NetSupport gives attackers remote control of your PC, potentially leading to full system takeover.
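For defenders, the pattern described above (a file named like a browser update that is really a script and does not come from the browser vendor) can be triaged in download logs. The following is an added example, not code from Proofpoint or the original article; the log format, extension list, vendor host list and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: script or script-container types, never a genuine browser installer.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".zip"}
# Browsers the article says the fake update pages imitate.
BROWSER_RE = re.compile(r"chrome|firefox|internet[\s._-]*explorer", re.I)
UPDATE_RE = re.compile(r"update|upgrade", re.I)
# Assumption: hosts this organisation accepts as vendor download sources.
VENDOR_HOSTS = ("google.com", "mozilla.org", "microsoft.com")

def is_vendor_host(host):
    host = host.lower().rstrip(".")
    # Match the domain or a true subdomain, so google.com.example.net fails.
    return any(host == v or host.endswith("." + v) for v in VENDOR_HOSTS)

def parse_line(line):
    """Parse 'timestamp user url filename' (constructed log format)."""
    ts, user, url, filename = line.split(None, 3)
    return {"ts": ts, "user": user, "host": urlsplit(url).hostname or "", "file": filename.strip()}

def score(event):
    """Return the reasons a download looks like a fake browser update."""
    name = event["file"]
    if not (BROWSER_RE.search(name) and UPDATE_RE.search(name)):
        return []
    reasons = ["browser-update lure name"]
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in SCRIPT_EXTS:
        reasons.append("script or archive instead of installer")
    if not is_vendor_host(event["host"]):
        reasons.append("not served by the browser vendor")
    return reasons

def flag_downloads(lines):
    """Flag events with the lure name plus at least one corroborating signal."""
    events = [parse_line(l) for l in lines if l.strip()]
    return [(e["user"], e["file"], r) for e in events if len(r := score(e)) >= 2]

# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = """\
T09:14:03Z alice https://updates.example.net/dl Chrome.Update.js
T09:20:41Z bob https://dl.google.com/chrome/install ChromeSetup.exe
T10:02:17Z carol https://cdn.example.org/files Firefox_update.zip
T10:30:00Z dave https://intranet.example.com/docs budget update.xlsx
T11:00:00Z erin https://google.com.example.net/u Internet Explorer Update.hta
"""

if __name__ == "__main__":
    print(*flag_downloads(SAMPLE_LOG.splitlines()), sep="\n")
```

Requiring two signals keeps a genuine installer fetched from a vendor host from being flagged on its name alone.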

How to avoid this malware scam

If you want to make sure your version of Google Chrome is up to date without falling victim to malware, it's best to do so manually, as Google itself explains. 

Open your Chrome browser and take a look at the three dots on the top right of your window, the "More" icon. The icon may be green, orange or red, which means that an update is available. 

Green indicates that the update was released less than two days ago, while orange means it was released about four days ago. Red means the available update was released a week ago and you're overdue to install it. To update, click the three-dot icon and choose "Update Google Chrome." 

If you don't see "Update Google Chrome" at all, or the three-dot icon is gray, then it means you don't need to update and you're good to go. 

When the update is complete, you need to click "Relaunch" and your browser will close, then reopen automatically with the same tabs you had open. 

You can postpone this process by clicking "Not now," and the update will apply itself when you restart your browser. This way you're staying up to date and skipping out on scams. 

As for avoiding malware injections of this nature, the safest thing you can do is to not click on links within emails, especially those from unsolicited senders. 

You can also hover your mouse over a weblink before you click on it to see if the destination URL is fishy or not. (In this campaign, it might not be, since the crooks behind it seem to be corrupting legitimate websites without the knowledge of the sites' administrators.)

As a backup, make sure to have one of the best antivirus programs installed. It can root out malware you may have downloaded with an ill-advised click.