Skip to main content

Hackers are infiltrating news websites to spread malware

Some alarming news broke today that hundreds of U.S. news websites are unwittingly playing a big role in a new malware campaign that’s disguised as a Chrome browser update. This is quite a devious attack method since it’s considered an important security practice to update your browser as soon as possible.

The way hackers are delivering the malware is also clever. It’s coming via an advertising network that also supplies video content to newspaper websites across the nation. It’s difficult to identify and shut down this attack because it is applied intermittently. According to a tweet by the security research team Threat Insight, the JavaScript code is being changed back and forth from the normal harmless ad delivery script to the one that includes the hacker code that shows a false update alert.

Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish.

— Threat Insight (@threatinsight) November 2, 2022

This is a serious problem since many people get their local news from these websites and trust them implicitly. Here’s what you need to know about this dangerous new malware campaign. When visiting a news site and after advertising loads, an alert might appear warning you that it’s time to update your browser.

A black fedora rests on top of newspapers infected with spreading green lines..
Image used with permission by copyright holder

According to Bleeping Computer, the message is tailored to match your browser, appearing to be an update for Google Chrome, Mozilla Firefox, or Opera. If you proceed with the download, it will be a malware package rather than a security update.

Thankfully, it’s easy to double-check by navigating to browser settings and checking if there are any updates available within the browser controls. Hackers have not been able to insert their malware links into the browser code. Alerts, on the other hand, can be triggered by websites and website advertising, so use extra caution with pop-ups.

Editors' Recommendations

Alan Truly
Computing Writer
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
Beware: many ChatGPT extensions and apps could be malware
OpenAI's ChatGPT blog post is open on a computer monitor, taken from a high angle.

ChatGPT fever has overtaken the internet, and rightly so since it's such a powerful new tool. Unfortunately, the most sought-after content is often fertile ground for hackers and scammers.

In a recent video, cybersecurity-focused YouTuber John Hammond warned that many ChatGPT extensions and apps could contain malware. It's a valid point, and we should all use caution when installing desktop browser add-ons and mobile apps.

Read more
Hackers are using AI to spread dangerous malware on YouTube
Windows shows a malware warning on a Dell laptop.

YouTube is the latest frontier where AI-generated content is being used to dupe users into downloading malware that can steal their personal information.

As AI generation becomes increasingly popular on several platforms, so does the desire to profit from it in malicious ways. The research firm CloudSEK has observed a 200% to 300% increase in the number of videos on YouTube that include links to popular malware sources such as Vidar, RedLine, and Raccoon directly in the descriptions since November 2022.

Read more
Great, hackers are now using ChatGPT to create malware
A laptop opened to the ChatGPT website.

A new threat has surfaced in the ChatGPT saga, with cybercriminals having developed a way to hack the AI chatbot and inundate it with malware commands.

The research firm Checkpoint has discovered that hackers have designed bots that can infiltrate OpenAI's GPT-3 API and alter its code so that it can generate malicious content, such as text that can be used for phishing emails and malware scripts.

Read more