Trust us, click on this Google Chrome update - you'll seriously regret it

GOOGLE CHROME users have been put on alert about a dangerous new scam that tries to convince people their web browser is out of date and needs an urgent, important software patch. But clicking on the Update button installs a dangerous strain of malware on your PC.

By Aaron Brown, Express Affiliate Development Editor with 10 years of experience writing about the latest developments in consumer technology, product reviews, and buying advice

Google Chrome Update Scam UK Warning PC

Google Chrome users need to avoid this scam update, or it could seriously cost them (Image: APPLE • GETTY)

Hackers hoping to cash-in on the success of Google's hugely-popular Chrome web browser are trying to trick users into downloading a fraudulent update that installs malware designed to steal bank account details. Known as Chtonic, those unlucky enough to accidentally install the malware onto their PC could find themselves seriously out of pocket.

Security researchers from Proofpoint discovered the troubling new malware campaign. Some 18,000 messages promoting the fake Google Chrome update have already been sent to web browser users, Proofpoint research shows. Most of these were mailed between June and July 2020 and seem to be targeted at those in Canada, France, Germany, Spain, Italy, the United Kingdom, and the United States.

If you mistakenly click on the link inside the scam message – the site analyses your location, operating system and browser. If you meet the requirements, you'll be led to a spoof update page telling you that your version of Google Chrome is out of date.

The fraudulent update notification is a pretty good imitation of genuine Google webpages. Not only that, but the additional criteria checks before the webpage is displayed makes the update warning feel more convincing. After all, if you can navigate to the same webpage on an iPhone running Safari, you're less likely to believe that the warning on your PC is real. But the fact that you have to be running Chrome on a vulnerable operating system to even see the cybercriminals' message will surely convince more people to click prominent Update button on the spoof webpage.


Google Chrome Update Scam UK Warning PC

The scam message uses official imagery from Google to make it appear as convincing as possible (Image: PROOFPOINT)

Another version of the same scam is designed to target those running Windows Internet Explorer.

According to the team at Proofpoint, "while this technique isn’t new, it’s still effective because it exploits the intended recipient’s desire to practice good security hygiene. Keeping software updated is a common piece of security advice, and this actor uses that to their advantage."

As threats move from desktop to popular mobile platforms, like Android and iOS, sometimes a classic still works. There's nothing particularly inventive in this latest campaign, but it's still worryingly effective.

Google Chrome Update Scam UK Warning PC

If the website detects that you're using Internet Explorer, it will switch the message (Image: PROOFPOINT)

The hackers are using known Trojan Chthonic to steal confidential login credentials for your online bank accounts – potentially allowing them to lift funds from your account behind your back. The fraudulent Chrome and Internet Explorer update webpages also contain remote-control software NetSupport. Although this is a legitimate tool to access your PC's desktop when out-and-about, Proofpoint says that it is "often abused by threat actors."

This could allow the cybercriminals to gain further access to your machine.

If you believe you have been impacted by this threat, contact your bank. It might be possible to cancel any fraudulent transactions – or better yet – change your security credentials before the hackers have a chance to break-in.

It's important to always use a unique password for each online account. Create a unique password for each account that uses a combination of words, numbers, symbols, and both upper- and lower-case letters. And remember that some of the most secure – not to mention the easiest to remember – passwords are actually passphrase. Just to use a phrase or sentence, like the opening sentence to your favourite novel, a poem, or the opening line to a hilarious joke.

Would you like to receive news notifications from Daily Express?