Tech

‘Clever’ copy-and-paste scam targets Google Chrome users, cybersecurity experts warn — here’s how to stay safe

By
Emma Kirk, Kidspot
Published June 25, 2024, 1:17 p.m. ET

Google Chrome users are the latest group of people being targeted in a scam that directs them to copy and paste malicious malware onto their computers.

Cybersecurity experts Proofpoint warned users to be aware of popup notifications that claim an error has occurred while trying to open a document or web page.

A Proofpoint spokesperson said the popup box instructed people to paste text into a PowerShell terminal or Windows Run dialogue box.

screenshot
A Proofpoint spokesperson said the popup box instructed people to paste text into a PowerShell terminal or Windows Run dialogue box. Proofpoint

“Although the attack chain required significant user interaction to be successful, the social engineering was clever enough to present someone with what looks like a real problem and solution simultaneously,” the spokesperson said.

“While this should raise red flags, the scam is sophisticated enough to deceive unsuspecting users into thinking they are solving a problem.”

Proofpoint claim spam distributor TA571 and ClearFake are responsible for the attacks which were first detected in March.

screenshot of message
“Although the attack chain required significant user interaction to be successful, the social engineering was clever enough to present someone with what looks like a real problem and solution simultaneously,” the spokesperson said. Proofpoint

“They are known for high-volume spam campaigns and fake update threats,” the spokesperson said.

The malware installed through these attacks focused on credential theft and fraudulent cryptocurrency transactions.

Proofpoint recommended that people never share their personal or financial information with someone you do not know to avoid being scammed.

hacker on computer
The malware installed through these attacks focused on credential theft and fraudulent cryptocurrency transactions. Gorodenkoff – stock.adobe.com

People should never click links or open attachments from unknown senders on email, text, social media or online.

Spelling and grammatical errors in confirmation emails or inaccurate domain names usually indicated the message was a scam.

Always be careful ordering from websites you’ve never heard of and only communicate with an organization through official channels on company websites, do not reply directly to emails, or click on links provided.

Do not share passwords with people and ensure you change passwords regularly. Consider using a password manager to help protect your personal information from being stolen.

Pay attention to emails or phone calls you weren’t expecting.