Fake Google Chrome Alerts Are on the Rise: This Is How You Spot One

Fake Google Chrome alerts are becoming increasingly sophisticated, tricking users into running malicious scripts that compromise their systems. Here’s how these fake alerts work and what you can do to protect yourself.

What Are Fake Google Chrome Alerts, and How Do They Work?

Fake Google Chrome alerts are deceptive messages that mimic legitimate system notifications. Their main goal is to trick you into executing harmful commands.

These alerts typically appear as:

• System Errors: Messages claiming there is a critical system error that needs immediate attention.
• Update Notifications: Alerts suggesting that your browser or other software is outdated and needs an urgent update.
• Virus Warnings: Fake warnings claiming that your device is infected with a virus and needs an immediate scan or fix.

The fake Google Chrome alerts use a few different methods, suggesting different hacking groups using similar approaches. For example, according to Proofpoint, the ClearFake attack uses a series of compromised websites and blockchain scrips to infect your device, while the ClickFix variant uses compromised sites and iframes to deliver malware to your machine. Similarly, another attack uses malicious HTML attachments and fake error messages to trick you into copying dangerous commands and compromise your machine.

In each attack type, the user is prompted to open Windows PowerShell and copy and paste the code provided by the fake alert. As you can probably guess, if that happens, additional malware is downloaded and installed on the device, leading to data theft, malware, and ransomware such as DarkGate, Vidar Stealer, Matanbuchus, and NetSupport. Furthermore, while the fake Google Chrome alerts were a significant issue, ProofPoint also noted fake alerts in Microsoft Word and other Office programs, along with Outlook.

How to Spot Fake Google Chrome Alerts

The fake Google Chrome alerts are convincing, but there are a few ways you can try and spot them:

• Suspicious Requests: If an alert window makes an unusual request, like running a PowerShell script or installing a root certificate, it’s a clear sign of an infection. For example, Proofpoint observed attacks where users were tricked into copying and pasting malicious scripts into PowerShell, resulting in malware installation.
• Unexpected Pop-Ups: Genuine Google Chrome alerts don’t appear out of the blue. So, be wary of sudden Chrome pop-ups, especially those urging immediate action.
• Grammar and Spelling Mistakes: Fake alerts often contain grammatical errors, which are rare in legitimate notifications. However, the advent of generative AI does mean spelling and grammatical errors in malware are decreasing.
• Unfamiliar URLs: Fake Chrome alerts usually contain strange and unfamiliar URLs. And in most cases, the URL is insecure, which means it uses HTTP instead of HTTPS.
• Too Good to Be True Offers: Suspicious Chrome alerts may often claim to offer free software, such as malware removal tools.

Spotting a fake Google Chrome alert is surprisingly similar to spotting a phishing website and often results in the same issues!

How to Protect Yourself From Fake Google Chrome Alerts

You can also be proactive in your defense against fake Google Chrome alerts and other types of phishing and malware by taking the following steps:

• Avoid Scare Tactics: Fake alerts often use urgent language and scare tactics to prompt immediate action. So, always take a moment to evaluate the alert before responding.
• Cross-Check With Google: Search for the alert message online to see if it has been reported as legitimate. If you can’t find it anywhere online, that’s another red flag.
• Use Browser Security Features: Enable browser security features, such as enhanced safe browsing mode, to help protect against malicious sites and downloads.
• Avoid Clicking on Suspicious Attachments: Be cautious with links and attachments contained in suspicious Chrome alerts. These can often lead to malicious websites or trigger the download of harmful software.
• Keep Software Updated: Regularly update your browser and other software to ensure you have the latest security patches.

It’s not always easy to spot a malicious Chrome alert (or any other alert for that matter). They’re designed to be as real as possible. Otherwise, they wouldn’t work. But by taking a moment to double-check any alerts, you could save yourself heaps of pain down the line.