Businesses across the US have recently embraced the new Arc browser for its shortcuts, preview capabilities, and sleek design. Gaining rapid popularity, it now competes with established browsers like Google Chrome, Microsoft Edge, and Firefox. However, a new malvertising campaign poses a significant threat to companies adopting this browser.
How Hackers Target Users
The Browser Company released the Arc browser for macOS in July 2023. Following positive feedback from critics, tech enthusiasts, and everyday users, the company launched a Windows version a few months later. This short timeframe has allowed hackers to exploit the growing user base.
Hackers create fake websites mimicking the legitimate Arc download page. By manipulating Google Ads, they exploit vulnerabilities to mislead users. These ads appear genuine, displaying the correct URL but redirecting to phony sites with slightly altered domains—adding or omitting a letter or two that users might not notice.
The Consequences of Falling Victim
If employees download this promising browser from a malicious ad link, it can spell disaster for the business. Clicking the download button activates a trojanized installer from MEGA, a cloud file hosting service. This installer conceals harmful code within a PNG file.
This packaging makes the malware appear innocent, but it allows an external server to execute commands, often stealing information. MEGA’s command and control center facilitates data exchange, putting companies at risk. Competitors can use this to steal sensitive information or conduct ransomware attacks, demanding payment before returning the data.
Protecting Your Company
If your company plans to try the new Arc browser on Windows, educate employees on good online habits. Advise them to avoid downloading apps from ad links and to stay away from Googling the name of the browser due to the risk of fake sites.
Instead, instruct them to type the correct URL directly into the address bar and check for typing errors before hitting enter. As a business owner, you should also use ad blockers to prevent malicious ads and employ antivirus software to scan all downloads for malware.
By staying vigilant and informed about the latest malvertising tactics, you can protect your brand, employees, and customers.
New Phishing Threats: Vishing and Quishing Explained
As a business owner, you’re likely familiar with phishing, which uses fraudulent emails to trick people into revealing sensitive information. Now, new threats called vishing and quishing are emerging.
What Is Vishing?
Vishing, or voice-phishing, uses AI technology to steal information over the phone instead of through emails. Attackers might pose as government agents or employers, or plant a phone number for victims to call.
How Vishing Affects Your Business
Hackers can impersonate your business and verbally ask customers for personal data. They may convince customers to download software, click on fake emails, or visit fraudulent websites, installing malware in the process.
What Is Quishing?
Quishing uses QR codes to direct victims to fake login pages. Scanning these codes can compromise accounts and credentials.
How Quishing Affects Your Business
Cybercriminals can mimic your email layout to send customers fake messages, prompting them to scan QR codes and sign into phony pages. This can lead to malware and ransomware attacks.
Protecting Your Business from Phishing Threats
Train employees to recognize and handle phishing threats. Teach them to avoid clicking links or scanning codes from unknown sources, and to verify suspicious requests with a manager. Implement security measures like multi-factor authentication (MFA) and email security solutions with QR code detection.
By hiring a company like Integrated Technology Systems to educate your team and using suggested defensive tools, you can safeguard your business against vishing and quishing threats. Give us a call today to keep your data safe.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com
