Skip to content


Proofpoint, a cyber security company, has been keeping a close eye on some threat actors that are targeting everyday businesses. These threats come in the form of fake browser updates. Imagine you’re browsing the internet, and suddenly, a pop-up message from a trusted browser like Chrome, Firefox, or Edge appears, telling you that your browser needs an update. When you click on it, you download malicious malware instead of a real update.

Proofpoint’s research shows that one group, called TA569, has been using this trick for over five years to spread harmful SocGholish malware. Lately, other bad actors have started copying this method. They all have a unique way of doing it but rely on the same trick to lure people in.
This is a big deal because it takes advantage of our trust in our web browsers and the websites we visit. These bad actors add hidden code to websites, making them show these fake update messages. When you click on them, they take you to a site they control and make it look like a legitimate browser update. Then, they sneakily download malware onto your device without you realising it.

Figure 1: Fake chrome update –

How effective are they, and what are the dangers?

These fake browser update attacks work so well because cybercriminals are using our understanding of online safety against us. In security training, we’re told to be cautious and only accept updates or click on links from websites or people we know and trust. We’re also encouraged to verify that the sites we visit are legitimate. These fake browser updates use this training because they compromise trusted websites. They use malicious JavaScript requests to check things in the background and replace the actual website with a fake one that appears to be a legitimate browser update. So, to an ordinary user, it still looks like the same old website they intended to visit, now asking them to update their browser.

When it comes to these threats, Proofpoint hasn’t identified any bad actors directly sending emails with harmful links. Instead, these compromised website URLs show up in various email traffic differently. They can be in regular emails sent to everyday users who have no idea the websites are compromised. These fake updates can also appear in monitoring emails, like Google alerts, or in mass email campaigns, like those sending out newsletters. This means that these emails are considered harmful when the website is compromised.

It’s important to understand that these fake browser update threats are not just a problem with email. Users can stumble upon these malicious sites from various sources, like search engines, social media sites, or simply by typing in a web address. They could then get lured into downloading the malicious malware.

Another issue with these attacks is that each campaign cleverly filters its traffic to hide from researchers and delay detection. All their methods are effective at staying hidden. While this might limit how far their malicious stuff spreads, it lets these bad actors keep control of the compromised sites for more extended periods. This creates a challenge for those trying to respond to the threat. With multiple campaigns and changing harmful content, responders must determine what to look for and find the right clues of compromise when the download happens.

How to keep safe

To stay safe and prevent falling victim to fake browser update attacks, here are some practical steps users can take:

  • Stay Informed: Knowledge is your best defence. Stay informed about the latest security threats and understand how fake browser update attacks work.
  • Trust Your Gut: Be cautious when you encounter unexpected browser update prompts. Treat it with scepticism if you haven’t manually initiated a browser update.
  • Check the URL: Verify the URL in your browser’s address bar by clicking on any update prompt. Ensure it matches your browser’s official website (e.g., for Google Chrome). Watch for misspellings or unusual domains.
  • Keep Your Software Updated: Regularly update your web browser and operating system. Legitimate updates are typically provided through your browser’s settings or the official website.
  • Use Browser Extensions: Consider installing browser extensions or add-ons to help identify malicious websites and prevent you from accessing them.
  • Enable Automatic Updates: Configure your browser and operating system to install updates automatically. This reduces the risk of being tricked into downloading fake updates.
  • Verify Sources: Only download updates from official sources. If you need help with an update, go directly to the official website of your browser or operating system.

Following these precautions and staying vigilant can reduce the risk of falling for fake browser update attacks and keep your business and personal data safe.

So, the bottom line is, be careful when you see a browser update message, especially if it pops up on a website you weren’t expecting it from. It could be a trap set by cybercriminals.

Related Links