What Is FakeUpdates Malware?

FakeUpdates malware is a type of malware that creates false prompts for users to download a new update to their computer, browser, or computer program. Once a user accepts, the malware will download onto a device, leading to breaches, the downloading of additional malware or ransomware, or the loss of private login details.
FakeUpdates was one of the leading malware families of 2023 and continued to display high levels into 2024. In 2018, the notorious SocGholish malware made use of FakeUpdates to deliver their malware variant.

Lesen Sie den Sicherheitsbericht Demo anfordern

What Is FakeUpdates Malware?

FakeUpdates refers to malware that utilizes false browser updates to trick users into downloading malware. FakeUpdates malware infects a website with malware. Once a user navigates to this page, they’ll receive a seemingly normal message that their browser needs an update.

If they click on the popup to download the patch version, they’ll unknowingly download a malware package onto their computer.

FakeUpdates malware is especially successful as it understands that updating to the most recent patch of software is always an advisable cybersecurity tactic. Even those who do not work in cybersecurity will be familiar with the fact that the most recent patch of a program will include any vulnerability fixes.

By manipulating this desire to update, FakeUpdates has become a highly impactful form of malware.

SocGholish, the most well-known malware that falls under the FakeUpdates umbrella, is currently the 5th most common malware type by downloads.

How FakeUpdates Malware Works

FakeUpdates malware leverages browser popups to display a message that prompts users to update their browser to a more recent version. Some users may even attempt to click the

‘No’ option on this message still triggers the same download.

If you encounter a similar message when entering an unknown website, immediately close the window without clicking on anything on the page. If FakeUpdates malware is able to download onto a device, it will then begin to execute its payloads on your device:

Recording sensitive information from your device
Stealing account details, financial details, and other valuable data

The Threat of FakeUpdates Malware

FakeUpdates malware poses a similar threat to other types of malware.

If a user accidentally downloads FakeUpdates malware to their device, it could be the catalyst for security compromises. Some malicious actors may use this malware to:

Download further sources of malware
Bring ransomware onto the system

Alternatively, some threat actors will allow the malware to exist on the system in the background. Without alerting the user to its presence, the malware will then collect sensitive information and relay it back to the cybercriminals that control the malware.

On an individual’s devices, this could compromise their financial details and credit card information
On a business account, this could potentially lead to major security breaches and further data exfiltration

How to Prevent & Mitigate FakeUpdates Malware

There are several strategies that businesses and individuals can use to reduce the likelihood of encountering FakeUpdates malware:

Learn About Good Cybersecurity Practices: By educating either yourself or your employees about what these threats look like, you’ll be more aware of them going forward and will be able to identify them and exit off the page.
Utilize Endpoint Security: Endpoint security will constantly monitor your devices and look for potentially harmful files or links. This form of security will identify a website that contains potentially harmful content and will prevent you from connecting to them.
Employ Multi-Factor Authentication: MFA will prevent malicious actors from accessing an account, even if they have managed to extract the username and password from a malware tool. MFA sends out an authentication request to a second device. If the hacker doesn’t have access to both devices and the details, they will be unable to proceed further.
Construct Account Permissions: By constructing account permissions that restrict the total file and document access that certain accounts have, you limit the scope of access that one compromised account will have. This approach reduces how severe a single compromised account will be.

The Role of MITRE ATT&CK Techniques

The MITRE ATT&CK framework is a reference point for cybersecurity professionals that documents all of the potential methods that cybercriminals could resort to when attempting to carry out a cyberattack. As FakeUpdates is a form of malware, it has a chapter within the framework that helps cybersecurity teams to develop effective defensive strategies and understand how this malware works.

Navigating to the SocGholish page in the MITRE ATT&CK framework will offer 18 different security considerations to make – as well as a growing list of groups that use it. By understanding what techniques are most common, your business will be able to identify them and then develop strategies to mitigate them.

Malware-Schutz mit Check Point

FakeUpdates has consistently been one of the top contenders for the most downloaded form of malware for the past few years. Given how common this form of attack is, businesses need to have strategies in place to keep their systems protected and defend against malware.

Check Point Harmony offers an extensive endpoint cybersecurity solution, helping to cover every single one of your company devices with one easy-to-use system. Harmony utilizes AI-powered 360-degree threat prevention: