Hello and welcome to the Monday, April 17, 2023 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Augusta, Georgia.

On Friday, NTT security, a Japanese security company posted an interesting blog post

describing a group of attacks that

uses fake Chrome error messages. Now, just about a week ago, we noted that the attack against

eFile.com used a similar technique. However, these two attacks appear to be not related, at least after

the error message, we do see quite different behavior.

The attack entity describes appears to be a step more sophisticated.

It does do privilege escalation.

Apparently, one way it's doing that is by using vulnerable drivers,

but it then also not only installs a crypto coin miner, but it also does use additional techniques to, for example,

exempt that crypto coin miner from Microsoft Defenders scans.

It'll also schedule itself and then terminate Windows updates.

So overall, in particular, the privilege escalation part is quite a bit more sophisticated

than the more clumsy malware that we have seen from the eFile.com attacker.

So these fake error measures, certainly something

that you should include in your security awareness presentations.

They do trick the user into installing the malicious update.

And that's probably the message to get across here

that these error messages,

while they look okay,

they look like something legitimate,

...