Legitimate websites are being infiltrated by hackers who inject malware that looks like a software update into the site’s code. The malware detects which browser you are using and displays an authentic looking update notification that matches. The malware is very stealthy as it only displays the fake update notification once. This has allowed it to avoid detection until now even though researchers believe it has been in place since at least December 2017.
How do you know the difference between a legitimate update notification or malware disguised as one? You don’t. The criminals are getting just that good. If you receive a notification that an application or browser needs updating:
- Close your application/browser.
- Reopen the application/browser.
- Go to your application/browser settings.
- Locate and select the Update command.
Note that the Update command is sometimes found with the About this application information instead of with the settings. Updating the application or browser within the application itself is the only safe way to ensure your application or browser is up to date.