
Users Urged to Address Immediate Threat: Unprecedented Drive-By Chrome Hack

In light of hackers focusing on infiltrating Google Chrome app downloads, here's crucial information to understand.

Chrome application showcased on smartphone display, with App Store backdrop, and Chrome emblem visible in the background.


Update, February 9, 2025: This story, originally published February 7, has been updated with additional security issues affecting users of the Chrome operating system itself.

Google's security team has been occupied by a flurry of noteworthy security events, from uncovering a critical Linux zero-day for Android users to issuing a Zen alert for an AMD chip vulnerability. Even more positively, Google introduced a critical security update for Gmail users, impacting the platform in a remarkably effective manner. However, there's a downer to the news, with experts alerting users of an ongoing threat targeting individuals looking to download the Google Chrome web browser app. Here's what you should know.

TheSRAT: A New Threat for Chrome Users

Morphisec Threat Labs researcher Shmuel Uzan reported a complicated, multi-stage malware attack, dubbed TheSRAT (or The SubRat), using a drive-by download strategy to ensnare unsuspecting victims searching for the Google Chrome web browser app.

A drive-by download occurs when the user grants permission to install harmful software without realizing the cybersecurity implications. In these latest attacks, Uzan observed that the threat actors have employed tactics like phishing emails, malicious websites, and instant messaging platforms. In one instance, the attackers created a convincing Chinese telecom company domain, karlos[.]com.cn, to deliver the malicious app to victims.

Minimizing Drive-By Download Threats

While TheSRAT is nothing new, having been first observed in 2023, what stands out about these attacks is the sophistication in the techniques employed and the strategic targets chosen. The campaign explicitly targets finance, sales, and accounting professionals – individuals with proximity to sensitive data – as opposed to a broad dissemination tactic. Although the current campaign appears to target Chinese users primarily, cybersecurity experts warn that Western companies should remain vigilant, as cybercriminals often replicate successful strategies.

To stay safe, cybersecurity advocates suggest that finance, sales, and accounting professionals take extra precautions when downloading tools like browsers or browser extensions. Erich Kron, a security awareness advocate at KnowBe4, recommends going directly to the legitimate publisher's site for downloads and avoiding third-party download sites, which frequently bundle malicious payloads with the files they host.

The Ongoing Challenge for Chrome Security

The latest attacks aren't the only challenge for Chrome users, with ongoing security vulnerabilities plaguing the platform. Android, Linux, macOS, and Windows Chrome users have been issued a string of high and medium-rated vulnerability warnings in recent weeks. The latest, reported February 5, impacted users across these operating systems.

Top 3 Chrome Vulnerabilities

  1. CVE-2025-0444: A high-rated vulnerability affecting the Skia browser component of Chrome.
  2. CVE-2025-0445: Another high-rated vulnerability, this one affecting Chrome's V8 JavaScript rendering engine.
  3. CVE-2025-0451: A medium-rated vulnerability impacting the Extensions API.

Though Google has acknowledged these challenges and actively rolls out updates to address the vulnerabilities, ensuring that Chrome versions are up-to-date is essential. Users must be aware that the browser has to be relaunched before an update takes effect; opening the Help > About Google Chrome menu shows the installed version and triggers a check for any pending update.

To protect themselves from TheSRAT malware and maintain Chrome security, users can follow these measures:

  1. Verify website authenticity and avoid suspicious domains
  2. Enable Safe Browsing features in Google Chrome
  3. Avoid downloading suspicious files
  4. Use antivirus software with advanced threat detection capabilities
  5. Download software from the official Google Chrome website or trusted app stores like the Google Play Store
  6. Keep Chrome up-to-date with security patches
  7. Monitor system activity for signs of unusual activity
  8. Implement strict security policies to minimize download risks

By following these tips, users can drastically reduce the risk of falling victim to TheSRAT malware when downloading software through Google Chrome.

  1. The recent attacks against Google Chrome users involve a complicated malware, TheSRAT or The SubRat, which uses drive-by attack tactics to download harmful software.
  2. Chrome browser security experts have expressed concerns about TheSRAT, a multi-stage malware that employs drive-by download strategies, targeting finance, sales, and accounting professionals.
  3. To strengthen Chrome browser security, it's recommended to download tools like browsers or browser extensions directly from legitimate publisher sites, avoiding third-party sites known to host malicious files.
  4. Apart from TheSRAT, Google Chrome users are also grappling with ongoing security vulnerabilities, including high-rated threats like CVE-2025-0444 and CVE-2025-0445 affecting the Skia browser component and V8 JavaScript rendering engine, respectively.
