Fake Google Chrome updates leveraged in malware distribution campaign

According to a report dated April 13, 2023, hackers have been running a malware distribution campaign since November 2022, which has gained momentum since February 2023. 

Websites are compromised to inject malicious JavaScript code that downloads additional scripts via the Pinata IPFS service. If a targeted visitor browses the site, scripts will display a fake Google Chrome error screen indicating that an automatic update is required to continue browsing the site. The scripts then automatically download a ZIP file called "release.zip" which contains a Monero miner that uses the device's CPU resources to mine crypto-currency for the threat actors. The malware uses the "BYOVD" technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device. The miner then connects to xmr.2miners[.]com and begins mining the hard-to-trace crypto currency Monero (XMR). 

Affected websites include adult sites, blogs, news sites and online shops. Users should always install security updates for software installed only by the software developers or via automatic updates built into the program. 

Read more about it : here