Post-Acute Care News

Security Spotlight: Fake Program Updates

By Mark Owens on Wed, Oct 16, 2019 @ 02:38 PM

Cybercriminals are becoming more sophisticated. In just the past month, a toolkit has been discovered that allows attackers to use Fake Program Updates from compromised web sites to infect computers. Let’s look closer at this type of attack and see what we can do as Human Firewalls to detect and prevent them.

How It Works

  • This is a sophisticated scheme in which the bad guys compromise legitimate sites so that the site either prompts you to install a software update or, in some cases, starts a download automatically.
    • The prompts to download the software look very convincing, but what actually gets downloaded is malware and remote access software.
  • Imagine you’re visiting a web site and you get a message prompting you to perform a software update.
    • It might be an update to your browser, or Flash Player, or even a missing font, like the following examples:

Fake Google Chrome Update

Fake Flash Player Update

Fake Missing Font Update

Screenshots courtesy of Bleeping Computer

How to Avoid Becoming a Victim

Because of the level of sophistication in this exploit, it can be very difficult to determine if the update is legitimate. When you really think about it though, it’s unlikely that a retail site such as Best Buy, or a banking site such as Bank of America, is going to be pushing out updates for your browser, or any program for that matter. So, your best practice is to assume it’s fake and follow the steps outlined below.

If you encounter a website prompting you to load any type of update:

  • Do not click on the page
  • Immediately close your browser
  • If something started downloading and updating automatically, cancel the download and update process
    • At this point:
      • If you are at work, notify the anti-virus (“AV”) team right away so they can determine if your computer is compromised
        • They may run a full system AV scan or take other actions like reviewing system processes
      • If you are on your home computer, make sure your AV is active and updated
        • You may also want to use System Restore to revert to the last version of your system backup just to be safe

What’s Next

If nothing started downloading and updating automatically, or you’re confident your computer is not compromised, you can navigate to the software author’s official website to find out if there are valid updates available.

Conclusion:

This Fake Program Update is, at its core, a social engineering tactic. The bad guys are relying on the fact that computer users are savvier these days and know about the necessity of updates to keep their computers safe. They then piggyback on the trustworthiness of the programs they claim to represent to get past your Human Firewall defenses. You wouldn’t eat something a stranger on the street just handed you, so, as a Human Firewall, don’t install any program update from a site that doesn’t belong to the software author.
