Summary of issue:
Researchers warn that a convincing fake Google Chrome update download is being linked to from multiple WordPress-powered sites that have been compromised by hackers. Those sites, which include everything from news blogs to official corporate sites, have been hit by a threat actor with a history of successful hacking campaigns.
Once the file is executed, a TeamViewer remote control application is installed along with password-protected archives containing files that the threat actors use to hide the malware from Windows antivirus protection. Further malware payloads can then also be delivered, including a keylogger and a sophisticated Russian-based data stealer.
Mitigation advice for Google Chrome users
If you are a Google Chrome Web browser user, remember that Chrome was the first to include the feature of automatically updating itself. It regularly checks for updates, and these are applied when you start the application. You can check that you have the latest version, which is 80.0.3987.149 as of March 26, by going to Help > About Google Chrome from the "three dots" dropdown menu in the top right-hand corner of the browser. If, for whatever reason, you are not running the latest version, this will also kickstart the update process. You will never genuinely be redirected to a Web page where you are asked to download an update from Google.