Cybercriminals are creating fake Google Chrome browser updates and infecting Windows users with many types of malware in a multi-step and persistent process, a study by Russian antivirus firm Dr. Web has revealed.

"Targeted are users in the United States, Canada, Australia, the United Kingdom, Israel, and Turkey who use the Google Chrome browser," Dr. Web researchers said in a blog post yesterday (March 25).

As of this morning (March 26), the malware, which has two similar variants, has been downloaded more than 3,000 times, according to logs from the legitimate code repository used to store the malware.

One of the fake installer programs is called "Critical_Update.exe" and was created on March 13. The other, "Update.exe," was created only yesterday.

The best way to avoid becoming a victim of this attack is to install and use the best anti-virus software that will eventually detect and block the malware. (According to the malware detection index VirusTotal, only a handful of anti-virus software can easily detect this malware as of this writing.)

Alternatively, we can use only Mozilla Firefox for a few days until most antivirus companies catch up and block this threat; since Microsoft Edge currently shares its infrastructure with Chrome, we are cautious and avoid using Edge Edge.

But more importantly, don't install anything from a website that tells you that you need to update your Google Chrome browser; Chrome is not designed to do that and will update itself behind the scenes, so you rarely need to do anything if you have already installed it. If you have already installed it, you rarely need to do anything.

The attack takes place in several stages. First, hackers attack vulnerable WordPress-based websites, "from online news blogs to corporate pages," as Dr. Webb puts it, and insert malicious but invisible JavaScript code into the site's web pages.

Visitors to the corrupted site using Google Chrome are quietly redirected to a fake Google page that informs them that they need to update their browser, along with a handy button for downloading.

If the victim falls for this trick and installs the "update," they are actually installing TeamViewer, a legitimate remote desktop tool that allows hackers to take real-time remote control. They also install a script that prevents the Microsoft Defender antivirus software built into Windows from noticing what is going on.

According to Dr. Web researchers, hackers use TeamViewer to install spyware on infected computers and keyloggers to capture passwords and user names. In fact, hackers can install almost anything on a machine, including ransomware, cryptocurrency theft, botnet malware, etc.

(Tech-savvy users can try blocking TeamViewer's preferred port, port 5938. However, TeamViewer uses ports 443 and 80 by default, so blocking them will block all web traffic).

Millions of websites use the free WordPress web publishing platform, and the core WordPress developers are quickly fixing security flaws. The problem is that WordPress, being an open platform, has thousands of optional plugins that anyone can write and website administrators can use to add features and functionality.

Many of these third-party plugins have security holes that criminals can find and exploit, some of which are undoubtedly malicious.

If you use WordPress for your blog or website, keep your WordPress core build updated and use plugins with caution.