We will explain a new type of malware that is spreading these days: fake updates.

Malware that requires users visiting a WordPress site to update their Cheome browser

This malware, when embedded in a site, causes the following symptoms

Malware Symptoms

1. A pop-up asking the user to update their browser (or they may be immediately redirected to the following page)

2. When the user tries to update, the user is redirected to a fake Chrome update screen.
(This update screen is exactly the same as the real one and can only be determined to be fake by the URL.)

3. The virus software named GoogleChrome-x86.msix is downloaded from an arbitrary domain/ download / dwnl.php and infects the user’s PC.

This malware is very dangerous because it directly harms the user in the sense that it forces the user to install the virus software.

How to deal with it

In order to redirect users to other sites or to display pop-ups, it is necessary to tamper with the site. Therefore, if you see this symptom on your site, it means that hackers have already exploited a vulnerability in your site and modified the site’s program.
Therefore, the basic remedy is,

1. Inspect and remove all malware (the tampered part).
2. Close the vulnerabilities

These two measures are necessary. If possible, we recommend that you do the above for all sites that exist on the server. (Malware nowadays can spread beyond the domain folder).

To detect malware
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal]
Please use [Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

We would also appreciate it if you could refer to the following article for the basics of vulnerability countermeasures.
5 Free WordPress Security Measures

Related Posts:

  1. Malware that displays a fake WordPress login screen and steals login information
    Recently, malware that alters the JAVASCRIPT file of WordPress and uses it as a parasite to display a fake login screen and steal login information has been spreading....
  2. WordPress malware Fake browser update page
    Recently there has been an increase in WordPress malware that displays a fake browser update page. We will explain this malware....
  3. WordPress malware Redirect to fake login page
    Recently, there have been an increasing number of cases of malware that direct users to a new type of fake login page. We will explain this malware....
  4. WordPress malware, heck.php showing fake Google login screen
    Recently, many websites have been defaced to display fake Google login screens, and we will provide examples and explanations of these defacements....
  5. Is a WordPress site restored from a backup prior to malware infection safe?
    WordPress Doctor received the question, “Is a WordPress site restored from a backup prior to a malware infection safe?” This section explains whether or not a WordPress site restored from a backup prior to a malware infection is safe....
  6. How to Prevent WordPress Site-to-Site Malware Infection
    Taking advantage of the convenience of being able to operate multiple domain sites under a single server contract, malware today often analyzes the server folder structure and spreads infection from one site to the folders of other sites (domains)....