This is why Ad blockers are a MUST for everyday web browsing. Yet Google wants to take that away from us

Imagine my confusion when I got that popup on Firefox 💀

OK, that was pretty scary as my wife asked me about doing an update like this a few days ago, and luckily I said let the auto update do it. Thank you!

Funny you mention that, just yesterday some big phone manufacturer flagged google as malware. Following the forums was kind of hilarious. But that aside.

This just goes to show how important it is to NEVER open an .exe file until you are 100% sure it comes from a reputable source

Advertisers need to be held liable for all of the malicious ads they put up.

I actually ran into this on a website a few weeks ago. It looked totally suspicous to me and the blue button to "Update Chrome" had some very strange address so I closed the page and notified the owner immediately. I consider myself pretty tech savy and I almost fell for it so the average person would easily fall for something like this.

Thank you for educating us and keeping us safe!

Step one: don't click every download button you see. Maybe Google should make it clear that chrome updates itself without needing to download random exe files. Maybe they should do something similar to Microsoft, in terms of Microsoft actively detects when you go to a Chrome download to essentially beg you to not. They should detect fake chrome, download pages and warn users.

This why adblock will never die

This is a reminder that "your browser comes with automatic updates" PSA that we sometimes see isn't out of nowhere. People need to know that every browser these days updates automatically and popups like these are all bogus.

Reading through the comments, it seems like so many people still have no clue. This problem is not limited to Chrome, or Firefox, or Windows, or Linux. It is a JavaScript thing, so it could happen on any system. I'll try to summarize and keep it simple for those not as techy. When you're browsing the web and a pop-up appears telling you need to update your browser, do NOT click on it. Not even when you're browsing your frequently visited sites because these sites could have been hacked to send you the fake prompts. The malware may steal your accounts' information in split seconds, then unload itself before anti-virus could detect them. If you need to update your browser or *any* software for that matter, always go through the official website only, and not by some 3rd party or "convenient" pop-up.

This happened to me but from a crack file, I was so stupid and confident about my knowledge since I also use 2FA on all my accounts. I ran the exe file and nothing happened. Then, i wasn’t aware about things like session hijackings and suddenly my youtube has weird ass watch histories, good thing I was able to change it quickly

Let auto update do updates and click nothing especially downloads. Man it is dangerous out there these days.

I have an question i followed an tut how to see if someone hacked your pc by typing netstat in cmd because in last time my laptop is shuting down automaticly and sometimes i cant log in my antivirus programms say nothing (im using kaspersky premium and win defender) but when i type netstat in cmd 1 link ends with 7474 insted https or http PLEASE REPLY HOW TO REMOVE THIS HACKER OR WHATEVER THAT THING IS I WHOULD BE HAPPY

good that i know how actually update browser properly, but this ”kind of update” is very scary

Could you do a tutorial on how to detect a virus that isn't visible in process explorer, autoruns, tcpviewer etc? Is it possible to do this in a simple way? EDIT. I forgot to mention that I would like to do this manually. As you know yourself, antivirus doesn't always detect everything.

I remember seeing a fake malware Firefox update that kept popping up years ago when I was using the real Firefox. I accidentally downloaded it not knowing it was fake. I was a kid when I did it and i realized that it was a malware because my grandpa told me it was and I told him I didn't know because it looked real

Thank you for the in depth rundown! I do have a question though: how effective are these types of stealers when using Firefox's Master password or Edge's 2fa? Thanks!

I will show this video to my students tomorrow!

Since they can detect the browser that is being used, this same sort of attack / vulnerability can affect any and all browsers (by just displaying the name of the browser rather than “Chrome”), since it tries to take advantage of unsuspecting users.

Where can we download the Sysinternals tool that you were using to demonstrate the infected file?

That's scary how convinced I would have been by that update page, I would have been really sus of the downloaded file, though.

Great video, spreading awareness on such topic is very significant. I would likely fall for it because it seems very convincing

Hey Just quick question I have "Control folder access: Enabled" on MS defender mean, even if this run windwos defender will flag it as trying to access my inner root folder hence it will be bloked right??

A question I am curious about when it comes to the passwords being stolen would it be able to steal passwords that are inside a password manager like 1Password?

Thanks for keeping us informed.

From my personal experience, Bitdefender would not even approve this download. The file would end up directly in quarantine ☺

Another thing to look out for is the site URL when that update page pops up. Definitely not a Google link. And if it pops up in a separate window where it's hidden, a definite no.

There are people who will see their anti-virus block it, then decide to override that decision thinking their AV is wrong because it is “just a Chrome update from Google.” I think it best if the AV silently blocks it and then if checked for info it shows why.

So many people can be saved by just knowing never to open a .exe file unless you initiated it yourself or you know where it's from.. Adblock is invaluable in this example as those pop-ups would be most likely blocked.. There has been multiple times where I have tried to download something and notced it was a weird .exe file with a different name and stopped it in time, thanks to videos like this. Love the work man, keep it up.

Question: I know info stealers steal login details stored in browsers. Does anyone know if they also steal information from browser extensions? eg. can an infostealer steal information from a password manager browser extension like Bitwarden?

What's wild about these kind of attacks is that some variants can do their job without any privilege escalation. As long as web browsers use their host OS current user session and credentials to "lock" saved passwords, it will never be secure to keep your passwords saved in them. And attacks targeting opened browser sessions are becoming more common too. Crazy stuff

Thanks for sharing these videos. Just found your channel

Thanks for keeping us informed my dude!!!

If that happened to me I would just look for another tutorial or see if there was a cached/archived version of that website, because I don't want to update.

Literally JUST happened to me and I closed the browser immediately. I am beyond glad I watched this video weeks prior. Thank you.

In your video, you said that they probabily steal the passwords saved on the browser. How about on password managers? Extensions or Windows based ones? I know they usually are encrypted on device, but still, are there a chance they can get to it?

That's a nasty one, thanks for the heads up.

I am not so tech savy, I have a question :bitdefender or kaspersky installed on my pc would have blocked that file or not?

I like to think I wouldn't ever fall for stuff like this but considering the sophistication of some of these attacks I 100% could see myself clicking on one of these when I'm tired or in a rush.

how does one go about hardening their WordPress to avoid this kind of infection?

Set your settings for notification system to high alert and make sure you have system protection on in system configuration for configuration to high as well and turn off the remote tcp settings known as connection crossing in world connections in system configuration. It'll make it a lot more harder for malware and people to get in on your computer. And if you sat admin administrator for certain settings and makes it even harder for them to get into the system. Cuz then they need administrator access but then you have all your configuration so it makes it even harder for configuration access and administrator. Access through remote connections .. my CPU runs at 10%

So only update by going to about and ignore popups that say update correct?

This reminds me of the good old flash player installer, thanks for covering this program

How will I ever find out it this has happened? Would malware bites pick this up? I have the browser guard and paid pro version?

At least on firefox the update is automatically downloaded in the background as soon as you open it, and you can check by open the 3 stripes on the top right corner, go to help and About to see which version you have. That is the proper way to do things, don't do what a popup tells you to do A to get B. The developers automatically update your browser when possible, in the background.

If a webpage notifies me my browser is outdated, I just ignore that (especially, when I just updated). This stuff has been around since ages (For Java, Adobe Flash) and no one should trust it at all.

I have been recently getting some UAC prompts about Google chrome update randomly on my computer when chrome is closed. Every time I click yes. Is this also a virus?

WOULD u plezzz do the comparison video between Bitdefender , Kaspersky & Norton which one is THE BEST & comes out as winner ....also what is UR FAV or the BEST Antivirus total security software OF this year!

Why didn't you show the network traffic like wireshark or fiddler?

It amazes me that in following your instruction, there is nothing the same in my computer which is running Windows 11. By searching, I have found "properties" and I found "Advanced system setting" but I can not find the page next that you talk about. Help! I want to check. By the way, I don't think I have seen the Google update you are referring

What a blessed channel!

Thank you for the info - I'm asking me if X operation systems would help ? THX

Does it leave anything on your computer if you happen to click on it? If so where to go and delete it.

What methods are used to hack wordpress websites? What method or methods were used to inject those javascript codes in the articles?

i think i might have installed it, i did found it sus that i need to install an installer for update as it happens in background mostly but the popup appeared automatically in the browser as soon as i opened it twice and not on a site so i did it and seemed petty legit too. Also after i ran the program unlike in the video chrome seemingly installed/reinstalled some stuff and a new "what's new in the update" window appeared. and yeah it happened a while ago like 2-3ish weeks So i was curious that was it legit or i messed up

ok so the malware executes then hides itself so later if u check process explorer, you wouldnt be able to see it show the total virus to indicate anything bad happens. so question is, how would u know? people would be oblivious to this. not to mention some malwares also hide their activity when you open task manager, and goes dormant. but later when u close it, it's back to ramping up cpu to 100% up to no good. would be useful if you taught how us users would be able to detect that and also remove.

Some white hackers have found ways to get control of a windows host server from the windows virtual host. So testing in a VM is still dangerous even so this specific vulnerability has provably been fixed since. (Was a virtual box vulnerability)

Hello sir, i got this on my pc and everything was stolen, but my problem now is that my pc starts running slow after everything was stolen. Can I ask you where could i start to clean my pc?

I remember these back in 2012-2013 on the macbooks. Our schools website got hacked and everyone who visited got a update pop-up. Most people downloaded it.

I think I ran into a website that was trying to do this but my AV (ESET) blocked it (doing more research it found some code in a WP theme that someone used). However I never found out if this was the case because my AV simply shut down the connection and blocked the entire site. For updates, generally I just download the installer again and run it, since it will update the browser in question if it finds an out-of-date version in most cases.

Why does my chrome browser or any application switch off when I search "virus" or "antivirus", spyware, all of these make the application crash. can you make a video on that

Depending on the time of the day, I could have fallen for the "popup" But I would never click a .exe file for updating anything

Can you pls make a video on how to not make a virus made in a vm escape jnto the host pc? Thank You 🙏

Interesting that this came up. My Chrome has been telling me that it can't update for the past few days, and I had a moment the other day where I enabled cookies for something and then I kept getting windows notifications saying my McAfee anti-virus had detected a million viruses. I don't have McAfee installed. I deleted all cookies because I knew what I had clicked and it stopped. But I'm sort of suspicious now.

How does this malware steal passwords? Is it the memorized passwords on the browser (isn't that encrypted?) or the cookie for the sessions?

Which Antivirus would you prefer for your Mobil Phone and Pc ? Or waht do you have?

Thanks for the heads up.

Is it me or Kaspersky prevents the Guardio article from opening?... It claimed it stopped something from downloading yet nothing show up in the logs...

Whats your opinion about ESET NOD32 ? Thanks

Great info I like it keep me updated 😊👍🏼

I did not know about this but I initiate all my updates. Usually manually or with some programs I let them auto update. But even an auto update will not be going to a fake web site. It seems like the same general good rule of thumb that applies to emails, texts, telephone calls and everything. If it is initiated from the outside, be very cautious. It has been years since I retired from IT but even back in the day when auto protection was not as good, the majority of times I was helping someone with malware it was self inflicted.

Reminds me of one of those popups that says it's an update for your phone.

Never had this problem ever since switching to quad9 DNS and cloudflare DNS with malware filtering

*Could ublock origin block such things* ❓❓

Thank you. I am curious about the solution to this?

This is why I go directly to the settings menu within chrome or any/every other program to check for updates that has it, never follow a pop up for any kind of download or update, especially if the program doesn't normally stop operating due to a lack of update or if there's a new update available.

Good thing I have never used a Chromium based browser. Wise move on my part. My second one was switching to Linux.

so, would ublock block it or no?

and this at a time when YT forces ADs which themself can be infected.

well the thing is though for me i always check on Microsoft edge under settings check for updates

Can steal password credentials from online password manager like bitwarden?

and this is why i don't use manual updates, i'v set it to auto and as far as i know only the real update can auto update, all i see is when i first start the webapp is "its has bin updated to the latest version". i also hover over all links i'm about to click to see where it leads, if it looks just a tad iffy its a no click for me. same goes for mail, never send me a link because i'll NEVER click links inside mails EVEN if it comes from FRIENDS. yea i'm this paranoid, and even me do get infected from time 2 time, so i'm constantly changing how i use internet.

i got an ad for chrome’s malware protection before this video

Can anyone help? My friend has this and everytime he deletes it, it pops up again

I clicked the update button. But never ran the script, deleted it from my downloads and recycling bin. Am I good?

What can i do if someone break in to my house and has the ability to get in to my pc over and over again?

What process explorer is that?

Well not a surprise. Once I got a pretty damn page with a fake Windows desktop, an error saying I have to install a program to cleanup the system because there is no storage left with as well cortana voice as tts. As well they were the first times for me using a computer but I didn't fall for that.

Is it me or did it not show any UAC warning?

How do I get it out?

Can you test the new 2024 version of comodo?

Thanks for the information

You ever test against Acronis?

who updates browser from website. browser does itself.

Coulda swore I saw something like this and decided against it because I didn't want to reset my browser

so.. does the pop actually go away when you run the file ?

I think people who checks email address at work to make sure if it's not a fake or scam will also realize if they need an update for browser and usually browser will do it automatically

5:45 jokes on you. My firefox update is disabled