Hackers are taking advantage of the launch of the Arc browser on Windows to trick victims into downloading malware.
Arc is a relatively new internet browser, first released for macOS in the summer of 2023, and initial feedback from both media and users was positive enough to prompt the release of a version for Windows as well.
However, at the same time, unidentified hackers were creating websites with misspelled domains, seemingly identical to the browser's actual website. They were also creating ads on Google that, due to certain issues with the network, showed the legitimate website, but redirected people to the misspelled site.
Detect bad ads
This meant that customers who wanted to install Arc on their Windows device and had used Google to search for it would find an ad at the top of the Google search results page.
The ad apparently pointed to the site's real website, but took victims to a malicious site that offered an infected version of the browser installer, hosted on MEGA, for download.
Anyone who downloaded this installer would get the browser, but also malware that, according to initial reports, appears to be an information stealer, although confirmation on the nature of the malware is still pending.
Hackers always take advantage of major events and product launches to try to trick people into revealing sensitive data or downloading malware. Events like the FIFA World Cup, Olympic Games, Chat-GPT launch, Windows 11 launch, and others have been abused in the past to deliver incorrect codes to people.
The best way to protect yourself against these attacks is to always type the website address into your browser, rather than “just Google it.” If you don't know the site, be aware of the search engine results and always check the characters in the address bar before downloading anything.
Through beepcomputer
