Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Cybercriminals have disguised malware as important Google Chrome security updates

Cybercriminals are disguising dangerous malware as important Google Chrome security updates – and they’re spreading it through news sites.

The malware was first spotted by analysts at antivirus company Doctor Web. According to Doctor Web, a number of websites that use the WordPress CMS platform have been hacked and embedded with some pretty dodgy JavaScript code.

Related: Best laptop

The code redirects visitors to a phishing site that feels eerily familiar to Google’s own Chrome update page.

“Now more simple, secure and faster than ever – with Google’s smarts built-in,” claim both the official security update and the fake one.

But, while the page claims to host an important security update for the popular internet browser, Doctor Web warns users not to download the update.

“The downloadable file is a malware installer that allows attackers to remotely access and control the infected computers,” Doctor Web’s report reads. “Over 2000 people have downloaded the fake update so far.”

The cybercrims reportedly managed to gain administrative access to a handful of websites to create an infection chain. Meaning that, rather than beef up your browser’s security, clicking ‘Download Update’ will instead load up a malware installer that could allow an attacker remote access to your computer.

Related: Best VPN

Google Chrome users from the UK, US, Canada, Australia, Turkey and Israel have reportedly been targeted by the criminal group.

The dodgy Chrome update has a digital signature that is identical to the fake NordVPN installer released by the same cybercriminal group in the past. The same group has also been found responsible for spreading a fake version of the VSDC video editor through the company’s official website as well as through the CNET software platform.

If a Chrome update pops up after you visit a blog or news site, you’ll probably want to think twice and make sure everything is legitimate before clicking the download button.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.