Fake Google Chrome updates leveraged in malware distribution campaign
Several websites, including news sites, blogs, online stores, and adult sites, have been compromised with scripts enabling fraudulent Google Chrome automatic update prompts that facilitate malware distribution, BleepingComputer reports.
The attack begins with malicious JavaScript injected into the compromised sites, which then fetches additional scripts whose origin is obscured by hosting them on the Pinata InterPlanetary File System (IPFS) service, according to a report from NTT.
Fake Google Chrome error screens claiming that an automatic update is required then trigger the download of a 'release.zip' file containing a Monero miner. The miner uses the bring-your-own-vulnerable-driver (BYOVD) technique to exploit a vulnerability in WinRing0x64.sys and obtain SYSTEM privileges.
Besides creating scheduled tasks and adding Windows Defender exclusions, the miner also stops Windows Update and disables antivirus software before connecting to xmr.2miners[.]com and beginning to mine Monero.
Such an attack can be prevented by never downloading security updates from third-party sites.
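For defenders who need to check a Windows host for the post-infection traces described above, the following read-only triage script is an added example and not part of the SC Media or NTT reporting; the assumption that persistence tasks point into user-writable folders (Temp, AppData, ProgramData) is ours, and listed Defender exclusions must be compared against your own baseline.

```powershell
# Added triage example (not from the report): look for the host-level traces of the
# miner described above. Read-only; it changes nothing on the system.
$Findings = @()

# 1. The vulnerable driver abused for BYOVD privilege escalation.
$driver = Get-CimInstance Win32_SystemDriver | Where-Object { $_.PathName -match 'WinRing0x64\.sys' }
if ($driver) { $Findings += "Loaded driver: $($driver.PathName) (state: $($driver.State))" }

# 2. Windows Defender exclusions (review every entry against your known baseline).
$pref = Get-MpPreference
foreach ($ex in @($pref.ExclusionPath) + @($pref.ExclusionProcess) + @($pref.ExclusionExtension)) {
    if ($ex) { $Findings += "Defender exclusion: $ex" }
}

# 3. Windows Update service stopped or disabled.
$wu = Get-Service -Name wuauserv
if ($wu.Status -ne 'Running' -or $wu.StartType -eq 'Disabled') {
    $Findings += "Windows Update service: $($wu.Status) / start type $($wu.StartType)"
}

# 4. Scheduled tasks whose action runs from a user-writable folder (assumed persistence pattern).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute -match '\\(Temp|AppData|ProgramData)\\') {
            $Findings += "Task '$($task.TaskName)' runs: $($action.Execute) $($action.Arguments)"
        }
    }
}

# 5. Mining-pool contact left behind in the DNS client cache.
$dns = Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -like '*2miners.com*' }
foreach ($entry in $dns) { $Findings += "DNS cache entry: $($entry.Entry) -> $($entry.Data)" }

if ($Findings.Count -gt 0) {
    $Findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output "No indicators from this campaign found."
}
```

Run it from an elevated PowerShell session, since Get-MpPreference and scheduled-task enumeration return incomplete results for standard users.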