Pages:
Author

Topic: Fake Google Chrome Update deliver crypto stealing malware (Read 310 times)

sr. member
Activity: 812
Merit: 257
PredX - AI-Powered Prediction Market
The large number of google chrome users makes people who are smart but have no manners try their knowledge! Thieves who are willing to learn for a harmful action. I myself rarely use zip extraction / other raw folders. To update google chrome always click the 3 dots on the top right in the home browser =>about google chrome => check the version currently in use. It is too risky to allow such things on the desktop because of the deceptive wrapper of the content. Hopefully the affected people will not expand and be more vigilant, I realise the role of the browser is very important like a window that can go anywhere, but can be infiltrated around guarded access. And if there is any update via email I do not trust it unless it is just a notification, and access it on the official website for further action.
newbie
Activity: 28
Merit: 2
For me, such a development of events with the theft of cryptocurrency and not only, in the browser Chrome is news. Two-factor authorization must be mandatory!
full member
Activity: 560
Merit: 100
Eloncoin.org - Mars, here we come!
Exactly and even if they didn't update automatically they would give you a notification to update he apps and not people sending to update the apps. Scammers are always bringing new methods to scam people and those who are not smart fall for it and this who are smart and wise escape from the trap always. The Internet is a place of making money and the same time scammers full the internet so when you online be wise and smart if not they scammer.

Everyday they come with new technic so we have to know their new technic deal with them.
Chrome? It's important to keep updates on our phone apps because nowhere is safe anymore. We come with the intention of making substantial profits in the space but we should always take our time to ensure we're on the right lane because any slight mistakes will always attracts losses on our ends. Scammers never gets tired and they don't give up. I know how important it is for them to lure people and scammed them of their hard earn money.
hero member
Activity: 1064
Merit: 501
Delicate information like this needs to be shared with everyone so that people will take note of this, and not fall victim to it, while they think, they are updating their Chrome because it appeared on the screen of their laptop, they are updating a fake Google Chrome malware meant to steal their crypto assets.

This is truly a bad move by the crypto hackers. They know how the Chrome browser is mostly used by many. I just wish everyone would stay vigilant about this, and never update their Chrome browser to a fake one, thinking that they updated the main Chrome browser
hero member
Activity: 700
Merit: 577
Chrome and  every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -
Exactly and even if they didn't update automatically they would give you a notification to update he apps and not people sending to update the apps. Scammers are always bringing new methods to scam people and those who are not smart fall for it and this who are smart and wise escape from the trap always. The Internet is a place of making money and the same time scammers full the internet so when you online be wise and smart if not they scammer.

Everyday they come with new technic so we have to know their new technic deal with them.
sr. member
Activity: 728
Merit: 388
DGbet.fun - Crypto Sportsbook
I use chrome and other browsers on my PC, if any brings update outside the browser it's likely a scam, even uodate. Zip should raise eyebrows, my advice is people should stop surfing the web anyhow, you will eventually stumble on some fake ads and the only thing stopping you is you not believing in the add or you believing in the ads, I am very used to random ads tellling me to update some software or browser, they are all fakes.

This is more dangerous for new PC users, the chances that they can click on any link they found is very high, for such individuals I won't advice them to even run any cryoto wallets on their PC, for hacking softwares to penetrate into your PC, the user still need to give access, it is always us, so it is better to run your crypto wallet elsewhere.

I can tell the difference from a popup anything asking for some access on my PC, but still I choose to run my crypto wallets far away from my PC, if I am a newbie I would have fallen because I will believe almost everything that I see on my PC, today I don't have to worry anymore, I have a hardware wallet and everything I do on my PC won't favour any scams and hacks, that is even if they managed to infect my PC.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I brought this discussion to the local forum as well. Indeed, all hackers that I understand take advantage of user weaknesses. So the best we can do to prevent, some suggestions when discussing in local forums could be maybe using AdBlock, premium VPN, or DNS settings.
~snip~


How will a VPN or an alternative DNS help you not to install a fake update? The only thing that makes sense is that you might be able to avoid an attack that is geolocated, but also by using a VPN, you can be shown ads that you otherwise wouldn't be able to see with your IP address.



Don't you read all the posts above? In fact, NotATether gave the most needed answer on this topic. It doesn’t matter which browser you want to update; it doesn’t matter which program will beg you to update; the important thing is that Windows allows automatic installation and unpacking of archives without the user’s permission. When working with Linux, you install the necessary sources for updates, and updates occur only from authorized sources, which to some extent protects the user.

When we talk about browsers, each one has (or should have) options for downloading files in its settings, and in these settings you can set whether you want the browser to ask you for permission for every download or whether you want that process to be automatic. It has never happened to me that Windows did something by itself.
hero member
Activity: 798
Merit: 702
and therefore always make sure that your device has antivirus installed and always check whether the domain you are visiting is correct, not a fake website. because there have been many cases like this where some websites disguise themselves as the original website by using domains such as .app .cloud, etc., and user devices can be vulnerable if they do not pay attention to things like this. moreover, google on its site often advertises fake websites like this which often mislead users, and therefore always make sure that the website you are visiting is genuine.
I will agree with you on the side of checking the domain to make sure that the person is on the right one, but you see, putting your trust in antivirus is a risky one, I must say, as there are a lot of anti-viruses that are even carriers, so the best way to protect yourself is to be your own personal security, avoid clicking on things you don't understand online, and like I said above, don't put all your trust in your antivirus. There is some malicious malware that your antivirus might not be able to detect, and it will cause great damage to your gadget.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.
And the thing is that 80% of us could still be using Windows as our OS, that's why many are still getting malwares and other trojans that steals our crypto holding. I really don't know why people are still into Windows, might be better to try other flavor of Unix or at least MacOS.

If we can hold thousands of dollars then why not invest on a good machine not using Windows? Really baffles me and then crypto users bitch around when they got hack because they didn't take care of their OS security.

I know that what I'm about to mention is the exception, not the rule, but I have recently learned about the XZ Utils backdoor incident which was fortunately frustrated in the very last minute by pure chance (ironically thanks to a Microsoft worker), and which would've compromised hundreds of millions of computers worlwide that run SSH.

We have become accustomed to repeating ad nauseam that Linux or at least MacOS are safer, and in most ways they are, but at the same time the mentioned incident "could have been the most widespread and effective backdoor ever planted in any software product".
full member
Activity: 868
Merit: 202
Quote
chatgpt-app[.]cloud site contains a download link to a Zip archive called ‘Update.zip’

And once the you have executed the zip file, it will download the payload to your system and then the code will look for the following string in your machine, like *Bitcoin, *Binance and almost everything related to crypto.



and therefore always make sure that your device has antivirus installed and always check whether the domain you are visiting is correct, not a fake website. because there have been many cases like this where some websites disguise themselves as the original website by using domains such as .app .cloud, etc., and user devices can be vulnerable if they do not pay attention to things like this. moreover, google on its site often advertises fake websites like this which often mislead users, and therefore always make sure that the website you are visiting is genuine.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿

Actually i think that's a good recommendation Firefox is a good application for browsing and is highly recommended by most of the users, this is why most people prefer using Firefox instead of using Chrome. However Firefox was introduced in 2004 and they gain more popularity within a year, before the adoption of Google Chrome in 2008. However from my investigations i have come to realize that Google Chrome has gain more popularity over Firefox, this is why scammers are using them to attack people because they know that Google Chrome has gain a lot of users in their application.

Don't you read all the posts above? In fact, NotATether gave the most needed answer on this topic. It doesn’t matter which browser you want to update; it doesn’t matter which program will beg you to update; the important thing is that Windows allows automatic installation and unpacking of archives without the user’s permission. When working with Linux, you install the necessary sources for updates, and updates occur only from authorized sources, which to some extent protects the user.
sr. member
Activity: 294
Merit: 433
HODL - BTC
I am a long time Chrome user but when updating then from the browser directly in Help -> About Google Chrome then it automatically updates itself.

I got news maybe this is almost similar where a Chinese citizen lost $1 million from hijacking a browser plugin that resulted in stealing cookies in the browser.

So now there are many loopholes, I am now vigilant and never store assets in the browser extension wallet because this could cause vulnerabilities.

Source:
[1]. https://x.com/GoPlusSecWareX/status/1797597506748219614
hero member
Activity: 1400
Merit: 770
I brought this discussion to the local forum as well. Indeed, all hackers that I understand take advantage of user weaknesses. So the best we can do to prevent, some suggestions when discussing in local forums could be maybe using AdBlock, premium VPN, or DNS settings. One most important thing is never update your Chrome from any pop up, download from the official site. It's also probably (I got it here) the best advice to try is always go to settings-about- here you will find how to update your Chrome app.

hero member
Activity: 2870
Merit: 594
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.
And the thing is that 80% of us could still be using Windows as our OS, that's why many are still getting malwares and other trojans that steals our crypto holding. I really don't know why people are still into Windows, might be better to try other flavor of Unix or at least MacOS.

If we can hold thousands of dollars then why not invest on a good machine not using Windows? Really baffles me and then crypto users bitch around when they got hack because they didn't take care of their OS security.
jr. member
Activity: 31
Merit: 3
The best way to prevent something like this from ever happening to you is to simply not use Chrome - because according to data from the beginning of the year, that browser is represented by as much as 65% among all other browsers, which means that fake updates target exactly that group of users.

If for some reason you don't want to use Tor (which is definitely recommended), one of the better choices is certainly Firefox. The message of this story is that if you are already in the world of cryptocurrencies, then adapt to it in the best possible way.

Actually i think that's a good recommendation Firefox is a good application for browsing and is highly recommended by most of the users, this is why most people prefer using Firefox instead of using Chrome. However Firefox was introduced in 2004 and they gain more popularity within a year, before the adoption of Google Chrome in 2008. However from my investigations i have come to realize that Google Chrome has gain more popularity over Firefox, this is why scammers are using them to attack people because they know that Google Chrome has gain a lot of users in their application.
full member
Activity: 490
Merit: 225
Chrome and  every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -
That's true. Most of the browsers would auto update themselves and wouldn't give you access to most features if you refuse to update them and when you eventually do the update, you get to see somany features that almost seems as though they've all set up to deprive your privacy and get some sensitive data from you. The Chrome and other browsers case is different and even better but when it comes to what happens when you've updated most of these social media like Facebook and WhatsApp that now have built in AI, the guarantee of your security is as slime as nothing.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

Tor was mentioned above, although IMO it is not the most comfortable browser for everyday use. There are other good options in between, but in the end staying vigilant and double checking the sources from which you download everything is key.
hero member
Activity: 812
Merit: 560
I will advise that whenever we want to make an update on the apps being used, we should verify the source or means in which we are going to use for that purpose before using them, any link or third party website redirection should be what we have to take serious action against because they could be used to trap us in achieving their target by introducing malware to us, there are many fake updates and they can exist or come in different forms, we need to be more observant to know which is not good for us.
legendary
Activity: 1890
Merit: 1537
Chrome is updated through the browser itself without downloading the latest version of the browser again, uninstalling the old version, or searching on Google for sites to download the browser update, which might be phishing sites containing exe files injected with trojans. By clicking on Settings and then on About Chrome, you can find information about the current version and then perform an automatic update. The same applies to Firefox. I believe that most browsers have this feature to install automatic updates as a security precaution for users to avoid potential fraud and hacking.

Every person must make sure that he uses official websites to download programs or browser extensions and avoid using the primary computer designated for cryptocurrencies, which contains important data, to download programs from unofficial websites, cracks, open suspicious links, and install unknown browser extensions. Such actions can pose a great threat to the user's privacy and result in being hacked.
Pages:
Jump to: