Attackers Are Hiding Malware in ‘Browser Updates’

Cybercriminals are using decoy browser update notifications to hide malicious software, according to cybersecurity firm Proofpoint. Threat actors are infecting genuine but susceptible websites with JavaScript featuring harmful payloads. Prompting users with legitimate-looking update notifications hides the malicious nature. The technique reportedly originated with threat actor TA569 and has been adopted by at least four other criminal groups, suggesting a rising trend.