It is a case of going back to an old trick that still works: malware pushers are using the “Your browser is out of date, download the update here” approach to saddle inexperienced users with their malicious wares.
This latest twist starts with malicious ads that lead to pages which detect the browser a visitor is using and serve a fake notification saying that the browser needs to be updated.
The landing page was initially on securebrowserupdate.com, but is not there anymore.
The page reads: “At securebrowserupdate.com there’s an update for every browser. If the script can’t make up which browser you’re running, Mozilla 5.1, GoogleBot 2.1 or unknown unknown.1 Service Packs are offered for download,” they share.
The pages served have the look and feel of the legitimate browsers’ sites. French, U.S. and Spanish users are among the most targeted, Trend Micro researchers said.
“Instead of an update, users download a malware detected as JS_DLOADR.AET, capable of changing the downloaded binary to have a different payload,” Trend Micro researchers said.
• Sent to your number sms with a secret code. Enter your confirmation code activation.
• An error occurred while processing the request server.
• Software successfully activated.
Users could be sending an SMS to a premium-rate service in order to activate the bogus updates.