Publish time: 19/06/2024

Author: Arab Times


Cybersecurity Alert: Malware mimicking Google Chrome and Microsoft Word poses a financial threat, experts caution.

NEW YORK, June 19: Cybersecurity experts have raised the alarm over a newly identified and highly sophisticated malware campaign that masquerades as Google Chrome and Microsoft software, posing a significant risk of financial theft to users of Microsoft Windows devices.

Since March, Proofpoint, an online protection firm, has been tracking an ongoing malicious campaign characterized by what they describe as "cybercriminal threat actors adopting new, varied, and increasingly creative attack chains."

Recent findings by Proofpoint in June have revealed a substantial increase in the distribution of this malware. It operates by presenting fake updates within internet browsers such as Chrome and by imitating popular programs such as Microsoft Word, all with the intent of deceiving users into running malicious code themselves.

Once run, the malware initiates a delayed, Trojan-horse-style attack, granting it access to cryptocurrency holdings and sensitive personal information stored on the victim's device.

The modus operandi often involves a deceptive update prompt appearing in Google Chrome, typically on a compromised website, instructing users to "copy the code" provided. Users are then directed to open PowerShell, Microsoft's command-line scripting shell, and paste the malicious command in themselves.

This malicious software, referred to as a "hijacker," is capable of redirecting victims' cryptocurrency funds to the attackers rather than the intended recipients. Additionally, it employs tactics such as email lures, resembling phishing attempts, to target unsuspecting users.

Emails carrying HTML attachments that resemble Microsoft Word documents with fake error messages have also been used in these attacks. One such message read, "'Word Online' extension is not installed," accompanied by deceptive buttons prompting users to "fix" the issue by executing malicious PowerShell commands.
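The lures described above (a fake "extension is not installed" error, a "fix" button, an instruction to copy code into PowerShell) can be triaged heuristically on the mail gateway. The following is an added example written for this article, not code from Proofpoint or Arab Times: it extracts the visible text and the scripts from an HTML attachment, looks for the lure phrases quoted in the report plus an assumed clipboard-copy pattern, and scores the result. The phrase list, the clipboard heuristic, the scoring weights, the threshold and both sample attachments are constructed assumptions.

```python
"""Heuristic triage of HTML e-mail attachments for ClickFix-style PowerShell lures."""
import re
from html.parser import HTMLParser

# Lure phrases quoted in the report, plus assumed variants (regexes, case-insensitive).
LURE_TEXT = [
    r"extension is not installed",
    r"copy the code",
    r"update\s+(chrome|your browser)",
    r"\bfix\b",
]
# Assumption: the lure page puts the command on the clipboard from script.
CLIPBOARD_JS = re.compile(r"clipboard\.writeText|execCommand\(\s*['\"]copy", re.I)
# PowerShell indicators inside script (assumed list).
POWERSHELL = re.compile(r"powershell|pwsh|invoke-expression|\biex\b", re.I)


class _Extractor(HTMLParser):
    """Split an HTML document into visible text and <script> bodies."""
    def __init__(self):
        super().__init__()
        self.text, self.scripts, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        (self.scripts if self._in_script else self.text).append(data)


def score_attachment(html: str) -> dict:
    """Return the matched indicators and a verdict for one HTML attachment."""
    parser = _Extractor()
    parser.feed(html)
    text, script = " ".join(parser.text), " ".join(parser.scripts)
    hits = [pat for pat in LURE_TEXT if re.search(pat, text, re.I)]
    clipboard = bool(CLIPBOARD_JS.search(script))
    ps_payload = bool(POWERSHELL.search(script))
    # A clipboard copy or a PowerShell string in script weighs more than lure wording alone.
    score = len(hits) + 2 * clipboard + 2 * ps_payload
    return {"lure_phrases": hits, "clipboard_copy": clipboard,
            "powershell_in_script": ps_payload, "score": score,
            "verdict": "suspicious" if score >= 4 else "clean"}


# Constructed sample attachments (not real captures); the payload is a placeholder.
SAMPLE_LURE = """<html><body><h2>'Word Online' extension is not installed</h2>
<p>To open this document click How to fix, then copy the code and paste it into PowerShell.</p>
<button onclick="fix()">How to fix</button>
<script>function fix(){navigator.clipboard.writeText("powershell PLACEHOLDER_NOT_A_REAL_COMMAND")}</script>
</body></html>"""
SAMPLE_BENIGN = """<html><body><p>Quarterly newsletter. Please fix your mailing address
in your profile.</p><script>console.log("loaded")</script></body></html>"""
```

A single lure word such as "fix" in ordinary mail scores 1 and stays clean; the combination of error text, copy instruction and a scripted clipboard write crosses the threshold.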

According to Proofpoint, this campaign has involved over 100,000 messages and targeted thousands of organizations globally. Even Microsoft's cloud storage service, OneDrive, has been impersonated in a similar fashion.

Commenting on the sophistication of the malware, Proofpoint noted, "The social engineering in the fake error messages is clever and purports to be an authoritative notification coming from the operating system," adding, "It also provides both the problem and a solution so that a viewer may take prompt action without pausing to consider the risk."

Users are advised to exercise caution when encountering unexpected prompts or messages, especially those requesting actions such as copying and pasting code into PowerShell. They should also ensure they have up-to-date cybersecurity measures in place to reduce the risk of falling victim to such sophisticated attacks.