securium academy logo

How Hackers Are Disguising Cryptominers as Chrome Updates

According to Rintaro Koike, a SOC analyst at the Japanese cybersecurity company NTT Security Holdings, cybercriminals are compromising reputable websites to propagate crypto-miner malware disguising itself as a Google Chrome update patch.

Although it was originally acknowledged in November 2022, this campaign has been in effect since February 2023. The attack specifically targets Windows users and is made to avoid detection by messing with victims’ antivirus software, Windows Defender, and Windows Update services.

The attack’s main objective is to spread malware that uses the target’s CPU to mine Monero cryptocurrency in the background.

Fake Chrome Update & Cryptominer Disguised as Microsoft Patch

Cybercriminals inject malicious JavaScript code onto websites to lead users to error pages in order to infect victims. “An error occurred with Chrome automatic update,” states the error notice. Please wait for the following automatic update before manually installing the update package.

This effort has compromised a number of websites, including blogs, news websites, online shops, and adult websites.

To access the site, users must install a Google Chrome update patch. If they do, their device downloads a malware ZIP file. The Monero cryptominer malware is contained in the ZIP file.

Cryptominers can slow down your system even if they might not steal your data or target your files. In particular, if you don’t have a sufficient cooling system, cryptominers might cause your devices to overheat and break down computer components. Customers may experience performance lags as well as increased data and power usage.

Koike claims that the virus employed in this campaign is not a straightforward cryptominer. In order to avoid detection, it alters Windows Defender and other antivirus programmes on the target’s device. It also alters other system settings and prevents Windows Update.

Protect Your Personal Computers From Cryptocurrency Miners

The first quarter of 2022 saw a peak in cryptominer malware infections, affecting over 500,000 users, according to research from Kaspersky’s SecureList lab published in November 2022. Cryptominers, as opposed to other harmful schemes, provide fraudsters with immediate financial incentives.

Infections with cryptominers are becoming more frequently now. In recent years, cryptominers have targeted European supercomputers and U.S. federal institutions.

Cryptominers can be divided into two categories, according to US cybersecurity giant Palo Alto Networks. The first is browser-based and only becomes operational when victims go to a hacked website. The other has the ability to “take over your whole computer and utilise the CPU at a much greater level.”

Keep your programmes updated and only download updates from authorised sources if you want to safeguard your machine from cryptominers. Configure your device to automatically get updates. Choose a top-notch antivirus programme to protect your system, and that is very crucial.

Table of Contents