browser update Archives

Tech Optimizer

March 3, 2025

New malware exploits fake updates to steal data

Recent developments indicate that Mac users are facing an escalating threat from malware designed for macOS systems, particularly with the emergence of a strain called FrigidStealer. This malware spreads through deceptive browser update prompts on compromised websites, leading users to download a malicious DMG file that seeks elevated privileges to steal sensitive information. Cybersecurity firm Proofpoint has traced the operations of FrigidStealer to two threat actors: TA2726, a traffic distribution service provider, and TA2727, which delivers the malware. This campaign also targets Windows and Android devices, indicating a multi-platform strategy. Additionally, the rise of infostealer malware has compromised approximately 330 million credentials in 2024, with around 3.9 billion credentials circulating from infostealer logs. Users are advised to adopt protective measures, including being cautious of fake software updates, enabling two-factor authentication, using password managers, and exercising caution with downloads and links.

Tech Optimizer

February 28, 2025

Mac security researchers expose two new exploits

Researchers have identified two significant exploits affecting Mac security. The first vulnerability, reported to Parallels seven months ago, will be addressed in upcoming fixes for Parallels Desktop versions 20.2.2 and 19.4.2, which are expected to be released within the week. Apple silicon Macs are not affected by this flaw. The second exploit involves a new malware strain called FrigidStealer, which uses deceptive emails to trick users into downloading an installer that bypasses macOS’s Gatekeeper security, allowing it to capture sensitive information like passwords and browser cookies. Users are advised to avoid downloading software from unverified sources, exercise caution with email links, use Control-click to inspect URLs, and regularly install security updates.

Winsage

February 23, 2025

Microsoft Windows Warning—Do Not Install This Critical Update

A significant alert has been issued regarding a new browser update threat targeting Microsoft Windows users, as reported by Palo Alto Networks’ Unit 42. Attackers are injecting malicious JavaScript into legitimate websites, misleading users into believing they need to update their browsers. These deceptive messages often use realistic branding and create urgency, prompting users to download and execute scripts that enable malware to retrieve the NetSupport RAT code. This malware allows for remote device control, data exfiltration, and modification of the Windows Registry, complicating its removal. On February 18, 2025, the NetSupport RAT delivered StealC, a credential-stealing malware designed to capture sensitive login information. The SmartApeSG campaign highlights the risks of social engineering and fileless attack techniques, exploiting trusted software update mechanisms. Recommended mitigation strategies include blocking domains linked to SmartApeSG, deploying signatures to detect malicious JavaScript, monitoring anomalous process relationships, restricting PowerShell execution policies, and educating employees about fake update prompts. Users are advised to follow conventional methods for browser updates, check for updates through their browsers, and ensure automatic updates are enabled.

Winsage

July 29, 2024

Google breaks password manager with iffy Chrome update

Google issued an apology for a disruption affecting its password manager for millions of Windows users, which lasted nearly 18 hours and was resolved on July 25. The issue impacted users of the M127 version of the Chrome browser on Windows, making saved passwords temporarily inaccessible. Approximately 2 percent of users within the affected 25 percent experienced this problem, potentially impacting over 17 million users given Chrome's market share of 65.68 percent among the 5.4 billion internet users in 2023. The root cause was identified as a "change in product behavior without proper feature guard." This incident highlights the risks associated with browser-based password managers, as a single flawed update can render a user's password vault unreachable.

AppWizard

July 29, 2024

Samsung is refreshing apps ahead of One UI 7 beta

Samsung has updated its Clock app to version 12.4.00.9, available through the Galaxy Store and via APKMirror. The update features a modern design with new widgets, a notification pill, and enhanced icons for alarm, world clock, stopwatch, and timer functionalities. Additionally, the Samsung Internet browser has been updated to version 26.0.8.1, with a redesigned app icon that tilts in a different direction and has a darker hue. More updates to Samsung applications are expected as the One UI 7 launch approaches, including new app icons and rounded UI elements.