Security researchers have recently identified malicious code running on the websites of news services that prompts users to install fake browser updates. Threat actors are using the code to deploy the SocGholish JavaScript malware via local, regional and national news sites.

What Does It Do?

The malicious code runs a script that generates a browser-specific popup indicating that the user needs to run updates for their Chrome, Edge or Firefox browser. If the user initiates the bogus “update”, the code injects malware onto the target system. Researchers have already tied this attack vector to ransomware deployments, as well as trojans, keyloggers and other types of malware.

Where Is It?

Security researchers have detected the code across the sites of over 250 news outlets in the United States. It may be no coincidence that the threat actors are focusing their attention on news sites during the intensive coverage cycle accompanying the midterm elections in America. The code is designed to cycle through the script at different intervals, so not all users will see a popup or phony update message.

Countermeasures

A good adblocker, such as AdBlock Plus or uBlock Origin, should prevent malicious scripts from launching unauthorized windows, messages and popups. These adblockers can be installed free of charge and are available in the Edge, Chrome and Firefox app stores. If you do see a notification that suggests your browser needs to be updated (and it is a good idea to keep your browser up to date), be sure to go into the settings for the program and find the update button within the browser user interface, rather than clicking on something generated on a website. The settings button can typically be found in the upper right corner of your web browser, denoted by three dots or, in the case of Firefox, three horizontal lines.

It’s a good idea to keep your browsers up to date to prevent security loopholes. Unfortunately, bad actors are relying on users’ willingness to keep their software up to date as a new method of delivering their malicious code. If you have questions about security or anything else technology-related, give us a call at Mankato Computer Technology.