Attackers Are Hiding Malware in ‘Browser Updates’

Cybersecurity firm Proofpoint warns that hackers are distributing malware via fake browser update notifications. They exploit vulnerable sites by placing malicious JavaScript code on them which redirects users to fake update pages. Initially adopted by threat actor TA569, this method has also been used by at least four other threat groups. To avoid such risks, the firm advises frequent browser updates, increased vigilance about unexpected website behaviour, and greater familiarity with usual browser and website functions.