We will explain a new type of malware that is spreading these days: fake updates.
It is malware that demands that users visiting a WordPress site update their Chrome browser.
When embedded in a site, this malware causes the following symptoms.
Malware Symptoms
1. A pop-up asking the user to update their browser (or they may be immediately redirected to the following page)
2. When the user tries to update, they are redirected to a fake Chrome update screen.
(This update screen looks exactly the same as the real one and can only be identified as fake by its URL.)
3. The virus software named GoogleChrome-x86.msix is downloaded from [arbitrary domain]/download/dwnl.php and infects the user’s PC.
This malware is very dangerous because it harms users directly by forcing them to install the virus software.
How to deal with it
To redirect users to other sites or to display pop-ups, an attacker has to tamper with the site. Therefore, if you see these symptoms on your site, it means that hackers have already exploited a vulnerability in your site and modified the site’s code.
The basic remedy is therefore:
1. Inspect and remove all malware (the tampered parts).
2. Close the vulnerabilities.
Both measures are necessary. If possible, we recommend that you do the above for all sites that exist on the server. (Malware nowadays can spread beyond the domain folder.)
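An added example (not code from the original article or from the plug-in it recommends): a small Python scanner that walks every site folder on a server and flags web files containing the two strings named in the symptoms above. The layout (one folder per site under a common root), the function names and the sample files are assumptions constructed for illustration.

```python
import os
import pathlib
import re
import tempfile

# Indicators taken from the symptoms above; matched case-insensitively on raw bytes.
INDICATORS = {
    "msix_name": re.compile(rb"GoogleChrome-x86\.msix", re.I),
    "dwnl_path": re.compile(rb"download/dwnl\.php", re.I),
}
# File types that can carry an injected redirect or pop-up.
WEB_EXTS = {".php", ".js", ".html", ".htm"}

def scan_server(root):
    """Walk all sites under `root`; return {site_folder: [(relative_path, indicator)]}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if name != ".htaccess" and ext not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            rel = os.path.relpath(path, root)
            site = rel.split(os.sep)[0]  # assumed layout: first folder = one site
            for label, pattern in INDICATORS.items():
                if pattern.search(data):
                    hits.setdefault(site, []).append((rel, label))
    return hits

def build_sample(root):
    """Constructed sample tree: one clean site and one tampered site."""
    samples = {
        "site-a/index.php": b"<?php echo 'hello'; ?>",
        "site-b/wp-content/themes/t/footer.php": b"<a href='https://example.invalid/download/dwnl.php'>update</a>",
        "site-b/wp-includes/js/x.js": b"var f = 'GoogleChrome-x86.msix';",
    }
    for rel, body in samples.items():
        p = pathlib.Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_server(tmp))
```

Injected code is often obfuscated, so a scan with no hits does not show that a site is clean; treat any hits as starting points for the inspection in step 1.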
To detect malware, please use the [Free] WordPress: Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
Please also refer to the following article for the basics of vulnerability countermeasures:
5 Free WordPress Security Measures