Google Chrome icons

Hackers are using fake Google Chrome updates on websites to trick unsuspecting victims into download malware, and it uses a device’s resources to mine cryptocurrency for threat actors.

The malware campaign has hacked several types of websites including news sites, online stores, adult websites and blogs, and distributes a Monero miner that mines cryptocurrency Monero (XMR) using CPU resources without the user knowing.

The infected websites contain malicious JavaScript code that executes scripts based on whether the user is part of a targeted audience. Once executed, a fake Google Chrome error screen will be displayed, asking users to install an update package in order to continue to the website.

The website will automatically download a ZIP file containing the malware. When launched, the malicious code will copy itself to “C:\Program Files\Google\Chrome” as “updater.exe.” The miner malware evades Windows Defender, stops Windows Updates and even stops security software performing efficiently by modifying IP addresses. This means it could potentially stop detection from antivirus software.

As reported by BleepingComputer, the attack has been active as early as November 2022. However, cybersecurity company NTT claims that hackers are spreading the malware campaign by incorporating Japanese, Korean and Spanish languages to the fake Chrome update screen.

Fake Google Chrome update example
Fake Google Chrome update example via BleepingComputer

The report also notes that it is difficult to block or takedown the websites infected with the malicious scripts, as they are delivered through the Pinata IPFS (InterPlanetary File System) service.

Stay safe from malware on websites

There is no word of any users affected by the malware campaign yet, but it’s clear that it’s still a threat. From slowing down your device to leading you to malware landing pages, malware on Google Chrome isn’t something you want to have. 

Never download or install updates on any kind from third-party websites. Browsers like Google Chrome will notify you of an update or automatically update the browser once it’s closed.

If you’re unsure if you have malware, follow the steps below to keep yourself safe.

Remove malware with antivirus software

The best antivirus software will detect and remove malicious programs and software affecting your device – including browser hijackers. Simply installing an antivirus and performing a system scan should be able to detect the source of the issue and get rid of it. What’s more, you don’t need to pay for all the security tools an antivirus service offers, as free antivirus software from providers such as Bitdefender, Avast One or AVG offers the same detection and removal features.

Install the antivirus and perform a quick or full scan to see if any malware is hiding in plain sight.

Perform a safety check on Chrome

Previously, the Clean up computer option would see if Chrome can find any malware affecting your browser or device. This tool has now been removed, but you can perform a safety check and turn on Enhanced protection instead.

  • On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
Google Chrome Settings
  • Select Privacy and security in the right-hand toolbar.
  • Under Safety check, click Check now (or the arrow to perform it again).
Malware on Google how to remove

If Chrome find any issues, you’ll be able to tap on the option and follow the instructions to see how to handle the it. For those who don’t want to give malware hiding on web pages any chances, you can also turn on Advanced protection.

  • In Privacy and security, click on Safe Browsing under Safety Check (or Security under Privacy and security).
Malware on CHrome how to remove
  • Select Enhanced protection to turn it on.
Google Chrome Advanced security

Turning on enhanced protection does what it says on the tin. Google states it offers “faster, proactive protection against dangerous websites, downloads and extensions,” along with warning users about password breaches. It’s important to note that enhanced protection requires browsing data to be sent to Google.

The default standard protection also protects against these, but it won’t send URLs to Google’s Safe Browsing tool to check them or send samples of pages, downloads and extension activity to help Chrome discover new threats.

For more easy ways to remove malware on Chrome, we’ve got you covered.

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.


Please enter your comment!
Please enter your name here